1*62c56f98SSadaf Ebrahimi/* BEGIN_HEADER */ 2*62c56f98SSadaf Ebrahimi#include "mbedtls/ccm.h" 3*62c56f98SSadaf Ebrahimi 4*62c56f98SSadaf Ebrahimi/* Use the multipart interface to process the encrypted data in two parts 5*62c56f98SSadaf Ebrahimi * and check that the output matches the expected output. 6*62c56f98SSadaf Ebrahimi * The context must have been set up with the key. */ 7*62c56f98SSadaf Ebrahimistatic int check_multipart(mbedtls_ccm_context *ctx, 8*62c56f98SSadaf Ebrahimi int mode, 9*62c56f98SSadaf Ebrahimi const data_t *iv, 10*62c56f98SSadaf Ebrahimi const data_t *add, 11*62c56f98SSadaf Ebrahimi const data_t *input, 12*62c56f98SSadaf Ebrahimi const data_t *expected_output, 13*62c56f98SSadaf Ebrahimi const data_t *tag, 14*62c56f98SSadaf Ebrahimi size_t n1, 15*62c56f98SSadaf Ebrahimi size_t n1_add) 16*62c56f98SSadaf Ebrahimi{ 17*62c56f98SSadaf Ebrahimi int ok = 0; 18*62c56f98SSadaf Ebrahimi uint8_t *output = NULL; 19*62c56f98SSadaf Ebrahimi size_t n2 = input->len - n1; 20*62c56f98SSadaf Ebrahimi size_t n2_add = add->len - n1_add; 21*62c56f98SSadaf Ebrahimi size_t olen; 22*62c56f98SSadaf Ebrahimi 23*62c56f98SSadaf Ebrahimi /* Sanity checks on the test data */ 24*62c56f98SSadaf Ebrahimi TEST_ASSERT(n1 <= input->len); 25*62c56f98SSadaf Ebrahimi TEST_ASSERT(n1_add <= add->len); 26*62c56f98SSadaf Ebrahimi TEST_EQUAL(input->len, expected_output->len); 27*62c56f98SSadaf Ebrahimi TEST_EQUAL(0, mbedtls_ccm_starts(ctx, mode, iv->x, iv->len)); 28*62c56f98SSadaf Ebrahimi TEST_EQUAL(0, mbedtls_ccm_set_lengths(ctx, add->len, input->len, tag->len)); 29*62c56f98SSadaf Ebrahimi TEST_EQUAL(0, mbedtls_ccm_update_ad(ctx, add->x, n1_add)); 30*62c56f98SSadaf Ebrahimi TEST_EQUAL(0, mbedtls_ccm_update_ad(ctx, add->x + n1_add, n2_add)); 31*62c56f98SSadaf Ebrahimi 32*62c56f98SSadaf Ebrahimi /* Allocate a tight buffer for each update call. This way, if the function 33*62c56f98SSadaf Ebrahimi * tries to write beyond the advertised required buffer size, this will 34*62c56f98SSadaf Ebrahimi * count as an overflow for memory sanitizers and static checkers. */ 35*62c56f98SSadaf Ebrahimi TEST_CALLOC(output, n1); 36*62c56f98SSadaf Ebrahimi olen = 0xdeadbeef; 37*62c56f98SSadaf Ebrahimi TEST_EQUAL(0, mbedtls_ccm_update(ctx, input->x, n1, output, n1, &olen)); 38*62c56f98SSadaf Ebrahimi TEST_EQUAL(n1, olen); 39*62c56f98SSadaf Ebrahimi TEST_MEMORY_COMPARE(output, olen, expected_output->x, n1); 40*62c56f98SSadaf Ebrahimi mbedtls_free(output); 41*62c56f98SSadaf Ebrahimi output = NULL; 42*62c56f98SSadaf Ebrahimi 43*62c56f98SSadaf Ebrahimi TEST_CALLOC(output, n2); 44*62c56f98SSadaf Ebrahimi olen = 0xdeadbeef; 45*62c56f98SSadaf Ebrahimi TEST_EQUAL(0, mbedtls_ccm_update(ctx, input->x + n1, n2, output, n2, &olen)); 46*62c56f98SSadaf Ebrahimi TEST_EQUAL(n2, olen); 47*62c56f98SSadaf Ebrahimi TEST_MEMORY_COMPARE(output, olen, expected_output->x + n1, n2); 48*62c56f98SSadaf Ebrahimi mbedtls_free(output); 49*62c56f98SSadaf Ebrahimi output = NULL; 50*62c56f98SSadaf Ebrahimi 51*62c56f98SSadaf Ebrahimi TEST_CALLOC(output, tag->len); 52*62c56f98SSadaf Ebrahimi TEST_EQUAL(0, mbedtls_ccm_finish(ctx, output, tag->len)); 53*62c56f98SSadaf Ebrahimi TEST_MEMORY_COMPARE(output, tag->len, tag->x, tag->len); 54*62c56f98SSadaf Ebrahimi mbedtls_free(output); 55*62c56f98SSadaf Ebrahimi output = NULL; 56*62c56f98SSadaf Ebrahimi 57*62c56f98SSadaf Ebrahimi ok = 1; 58*62c56f98SSadaf Ebrahimiexit: 59*62c56f98SSadaf Ebrahimi mbedtls_free(output); 60*62c56f98SSadaf Ebrahimi return ok; 61*62c56f98SSadaf Ebrahimi} 62*62c56f98SSadaf Ebrahimi/* END_HEADER */ 63*62c56f98SSadaf Ebrahimi 64*62c56f98SSadaf Ebrahimi/* BEGIN_DEPENDENCIES 65*62c56f98SSadaf Ebrahimi * depends_on:MBEDTLS_CCM_C 66*62c56f98SSadaf Ebrahimi * END_DEPENDENCIES 67*62c56f98SSadaf Ebrahimi */ 68*62c56f98SSadaf Ebrahimi 69*62c56f98SSadaf Ebrahimi/* BEGIN_CASE depends_on:MBEDTLS_SELF_TEST:MBEDTLS_AES_C */ 70*62c56f98SSadaf Ebrahimivoid mbedtls_ccm_self_test() 71*62c56f98SSadaf Ebrahimi{ 72*62c56f98SSadaf Ebrahimi TEST_ASSERT(mbedtls_ccm_self_test(1) == 0); 73*62c56f98SSadaf Ebrahimi} 74*62c56f98SSadaf Ebrahimi/* END_CASE */ 75*62c56f98SSadaf Ebrahimi 76*62c56f98SSadaf Ebrahimi/* BEGIN_CASE */ 77*62c56f98SSadaf Ebrahimivoid mbedtls_ccm_setkey(int cipher_id, int key_size, int result) 78*62c56f98SSadaf Ebrahimi{ 79*62c56f98SSadaf Ebrahimi mbedtls_ccm_context ctx; 80*62c56f98SSadaf Ebrahimi unsigned char key[32]; 81*62c56f98SSadaf Ebrahimi int ret; 82*62c56f98SSadaf Ebrahimi 83*62c56f98SSadaf Ebrahimi mbedtls_ccm_init(&ctx); 84*62c56f98SSadaf Ebrahimi 85*62c56f98SSadaf Ebrahimi memset(key, 0x2A, sizeof(key)); 86*62c56f98SSadaf Ebrahimi TEST_ASSERT((unsigned) key_size <= 8 * sizeof(key)); 87*62c56f98SSadaf Ebrahimi 88*62c56f98SSadaf Ebrahimi ret = mbedtls_ccm_setkey(&ctx, cipher_id, key, key_size); 89*62c56f98SSadaf Ebrahimi TEST_ASSERT(ret == result); 90*62c56f98SSadaf Ebrahimi 91*62c56f98SSadaf Ebrahimiexit: 92*62c56f98SSadaf Ebrahimi mbedtls_ccm_free(&ctx); 93*62c56f98SSadaf Ebrahimi} 94*62c56f98SSadaf Ebrahimi/* END_CASE */ 95*62c56f98SSadaf Ebrahimi 96*62c56f98SSadaf Ebrahimi/* BEGIN_CASE depends_on:MBEDTLS_AES_C */ 97*62c56f98SSadaf Ebrahimivoid ccm_lengths(int msg_len, int iv_len, int add_len, int tag_len, int res) 98*62c56f98SSadaf Ebrahimi{ 99*62c56f98SSadaf Ebrahimi mbedtls_ccm_context ctx; 100*62c56f98SSadaf Ebrahimi unsigned char key[16]; 101*62c56f98SSadaf Ebrahimi unsigned char msg[10]; 102*62c56f98SSadaf Ebrahimi unsigned char iv[14]; 103*62c56f98SSadaf Ebrahimi unsigned char *add = NULL; 104*62c56f98SSadaf Ebrahimi unsigned char out[10]; 105*62c56f98SSadaf Ebrahimi unsigned char tag[18]; 106*62c56f98SSadaf Ebrahimi int decrypt_ret; 107*62c56f98SSadaf Ebrahimi 108*62c56f98SSadaf Ebrahimi mbedtls_ccm_init(&ctx); 109*62c56f98SSadaf Ebrahimi 110*62c56f98SSadaf Ebrahimi TEST_CALLOC_OR_SKIP(add, add_len); 111*62c56f98SSadaf Ebrahimi memset(key, 0, sizeof(key)); 112*62c56f98SSadaf Ebrahimi memset(msg, 0, sizeof(msg)); 113*62c56f98SSadaf Ebrahimi memset(iv, 0, sizeof(iv)); 114*62c56f98SSadaf Ebrahimi memset(out, 0, sizeof(out)); 115*62c56f98SSadaf Ebrahimi memset(tag, 0, sizeof(tag)); 116*62c56f98SSadaf Ebrahimi 117*62c56f98SSadaf Ebrahimi TEST_ASSERT(mbedtls_ccm_setkey(&ctx, MBEDTLS_CIPHER_ID_AES, 118*62c56f98SSadaf Ebrahimi key, 8 * sizeof(key)) == 0); 119*62c56f98SSadaf Ebrahimi 120*62c56f98SSadaf Ebrahimi TEST_ASSERT(mbedtls_ccm_encrypt_and_tag(&ctx, msg_len, iv, iv_len, add, add_len, 121*62c56f98SSadaf Ebrahimi msg, out, tag, tag_len) == res); 122*62c56f98SSadaf Ebrahimi 123*62c56f98SSadaf Ebrahimi decrypt_ret = mbedtls_ccm_auth_decrypt(&ctx, msg_len, iv, iv_len, add, add_len, 124*62c56f98SSadaf Ebrahimi msg, out, tag, tag_len); 125*62c56f98SSadaf Ebrahimi 126*62c56f98SSadaf Ebrahimi if (res == 0) { 127*62c56f98SSadaf Ebrahimi TEST_ASSERT(decrypt_ret == MBEDTLS_ERR_CCM_AUTH_FAILED); 128*62c56f98SSadaf Ebrahimi } else { 129*62c56f98SSadaf Ebrahimi TEST_ASSERT(decrypt_ret == res); 130*62c56f98SSadaf Ebrahimi } 131*62c56f98SSadaf Ebrahimi 132*62c56f98SSadaf Ebrahimiexit: 133*62c56f98SSadaf Ebrahimi mbedtls_free(add); 134*62c56f98SSadaf Ebrahimi mbedtls_ccm_free(&ctx); 135*62c56f98SSadaf Ebrahimi} 136*62c56f98SSadaf Ebrahimi/* END_CASE */ 137*62c56f98SSadaf Ebrahimi 138*62c56f98SSadaf Ebrahimi/* BEGIN_CASE depends_on:MBEDTLS_AES_C */ 139*62c56f98SSadaf Ebrahimivoid ccm_star_lengths(int msg_len, int iv_len, int add_len, int tag_len, 140*62c56f98SSadaf Ebrahimi int res) 141*62c56f98SSadaf Ebrahimi{ 142*62c56f98SSadaf Ebrahimi mbedtls_ccm_context ctx; 143*62c56f98SSadaf Ebrahimi unsigned char key[16]; 144*62c56f98SSadaf Ebrahimi unsigned char msg[10]; 145*62c56f98SSadaf Ebrahimi unsigned char iv[14]; 146*62c56f98SSadaf Ebrahimi unsigned char add[10]; 147*62c56f98SSadaf Ebrahimi unsigned char out[10]; 148*62c56f98SSadaf Ebrahimi unsigned char tag[18]; 149*62c56f98SSadaf Ebrahimi int decrypt_ret; 150*62c56f98SSadaf Ebrahimi 151*62c56f98SSadaf Ebrahimi mbedtls_ccm_init(&ctx); 152*62c56f98SSadaf Ebrahimi 153*62c56f98SSadaf Ebrahimi memset(key, 0, sizeof(key)); 154*62c56f98SSadaf Ebrahimi memset(msg, 0, sizeof(msg)); 155*62c56f98SSadaf Ebrahimi memset(iv, 0, sizeof(iv)); 156*62c56f98SSadaf Ebrahimi memset(add, 0, sizeof(add)); 157*62c56f98SSadaf Ebrahimi memset(out, 0, sizeof(out)); 158*62c56f98SSadaf Ebrahimi memset(tag, 0, sizeof(tag)); 159*62c56f98SSadaf Ebrahimi 160*62c56f98SSadaf Ebrahimi TEST_ASSERT(mbedtls_ccm_setkey(&ctx, MBEDTLS_CIPHER_ID_AES, 161*62c56f98SSadaf Ebrahimi key, 8 * sizeof(key)) == 0); 162*62c56f98SSadaf Ebrahimi 163*62c56f98SSadaf Ebrahimi TEST_ASSERT(mbedtls_ccm_star_encrypt_and_tag(&ctx, msg_len, iv, iv_len, 164*62c56f98SSadaf Ebrahimi add, add_len, msg, out, tag, tag_len) == res); 165*62c56f98SSadaf Ebrahimi 166*62c56f98SSadaf Ebrahimi decrypt_ret = mbedtls_ccm_star_auth_decrypt(&ctx, msg_len, iv, iv_len, add, 167*62c56f98SSadaf Ebrahimi add_len, msg, out, tag, tag_len); 168*62c56f98SSadaf Ebrahimi 169*62c56f98SSadaf Ebrahimi if (res == 0 && tag_len != 0) { 170*62c56f98SSadaf Ebrahimi TEST_ASSERT(decrypt_ret == MBEDTLS_ERR_CCM_AUTH_FAILED); 171*62c56f98SSadaf Ebrahimi } else { 172*62c56f98SSadaf Ebrahimi TEST_ASSERT(decrypt_ret == res); 173*62c56f98SSadaf Ebrahimi } 174*62c56f98SSadaf Ebrahimi 175*62c56f98SSadaf Ebrahimiexit: 176*62c56f98SSadaf Ebrahimi mbedtls_ccm_free(&ctx); 177*62c56f98SSadaf Ebrahimi} 178*62c56f98SSadaf Ebrahimi/* END_CASE */ 179*62c56f98SSadaf Ebrahimi 180*62c56f98SSadaf Ebrahimi/* BEGIN_CASE */ 181*62c56f98SSadaf Ebrahimivoid mbedtls_ccm_encrypt_and_tag(int cipher_id, data_t *key, 182*62c56f98SSadaf Ebrahimi data_t *msg, data_t *iv, 183*62c56f98SSadaf Ebrahimi data_t *add, data_t *result) 184*62c56f98SSadaf Ebrahimi{ 185*62c56f98SSadaf Ebrahimi mbedtls_ccm_context ctx; 186*62c56f98SSadaf Ebrahimi size_t n1, n1_add; 187*62c56f98SSadaf Ebrahimi uint8_t *io_msg_buf = NULL; 188*62c56f98SSadaf Ebrahimi uint8_t *tag_buf = NULL; 189*62c56f98SSadaf Ebrahimi const size_t expected_tag_len = result->len - msg->len; 190*62c56f98SSadaf Ebrahimi const uint8_t *expected_tag = result->x + msg->len; 191*62c56f98SSadaf Ebrahimi 192*62c56f98SSadaf Ebrahimi /* Prepare input/output message buffer */ 193*62c56f98SSadaf Ebrahimi TEST_CALLOC(io_msg_buf, msg->len); 194*62c56f98SSadaf Ebrahimi if (msg->len != 0) { 195*62c56f98SSadaf Ebrahimi memcpy(io_msg_buf, msg->x, msg->len); 196*62c56f98SSadaf Ebrahimi } 197*62c56f98SSadaf Ebrahimi 198*62c56f98SSadaf Ebrahimi /* Prepare tag buffer */ 199*62c56f98SSadaf Ebrahimi TEST_CALLOC(tag_buf, expected_tag_len); 200*62c56f98SSadaf Ebrahimi 201*62c56f98SSadaf Ebrahimi mbedtls_ccm_init(&ctx); 202*62c56f98SSadaf Ebrahimi TEST_EQUAL(mbedtls_ccm_setkey(&ctx, cipher_id, key->x, key->len * 8), 0); 203*62c56f98SSadaf Ebrahimi /* Test with input == output */ 204*62c56f98SSadaf Ebrahimi TEST_EQUAL(mbedtls_ccm_encrypt_and_tag(&ctx, msg->len, iv->x, iv->len, add->x, add->len, 205*62c56f98SSadaf Ebrahimi io_msg_buf, io_msg_buf, tag_buf, expected_tag_len), 0); 206*62c56f98SSadaf Ebrahimi 207*62c56f98SSadaf Ebrahimi TEST_MEMORY_COMPARE(io_msg_buf, msg->len, result->x, msg->len); 208*62c56f98SSadaf Ebrahimi TEST_MEMORY_COMPARE(tag_buf, expected_tag_len, expected_tag, expected_tag_len); 209*62c56f98SSadaf Ebrahimi 210*62c56f98SSadaf Ebrahimi /* Prepare data_t structures for multipart testing */ 211*62c56f98SSadaf Ebrahimi const data_t encrypted_expected = { .x = result->x, 212*62c56f98SSadaf Ebrahimi .len = msg->len }; 213*62c56f98SSadaf Ebrahimi const data_t tag_expected = { .x = (uint8_t *) expected_tag, /* cast to conform with data_t x type */ 214*62c56f98SSadaf Ebrahimi .len = expected_tag_len }; 215*62c56f98SSadaf Ebrahimi 216*62c56f98SSadaf Ebrahimi for (n1 = 0; n1 <= msg->len; n1 += 1) { 217*62c56f98SSadaf Ebrahimi for (n1_add = 0; n1_add <= add->len; n1_add += 1) { 218*62c56f98SSadaf Ebrahimi mbedtls_test_set_step(n1 * 10000 + n1_add); 219*62c56f98SSadaf Ebrahimi if (!check_multipart(&ctx, MBEDTLS_CCM_ENCRYPT, 220*62c56f98SSadaf Ebrahimi iv, add, msg, 221*62c56f98SSadaf Ebrahimi &encrypted_expected, 222*62c56f98SSadaf Ebrahimi &tag_expected, 223*62c56f98SSadaf Ebrahimi n1, n1_add)) { 224*62c56f98SSadaf Ebrahimi goto exit; 225*62c56f98SSadaf Ebrahimi } 226*62c56f98SSadaf Ebrahimi } 227*62c56f98SSadaf Ebrahimi } 228*62c56f98SSadaf Ebrahimi 229*62c56f98SSadaf Ebrahimiexit: 230*62c56f98SSadaf Ebrahimi mbedtls_ccm_free(&ctx); 231*62c56f98SSadaf Ebrahimi mbedtls_free(io_msg_buf); 232*62c56f98SSadaf Ebrahimi mbedtls_free(tag_buf); 233*62c56f98SSadaf Ebrahimi} 234*62c56f98SSadaf Ebrahimi/* END_CASE */ 235*62c56f98SSadaf Ebrahimi 236*62c56f98SSadaf Ebrahimi/* BEGIN_CASE */ 237*62c56f98SSadaf Ebrahimivoid mbedtls_ccm_star_no_tag(int cipher_id, int mode, data_t *key, 238*62c56f98SSadaf Ebrahimi data_t *msg, data_t *iv, data_t *result) 239*62c56f98SSadaf Ebrahimi{ 240*62c56f98SSadaf Ebrahimi mbedtls_ccm_context ctx; 241*62c56f98SSadaf Ebrahimi uint8_t *output = NULL; 242*62c56f98SSadaf Ebrahimi size_t olen; 243*62c56f98SSadaf Ebrahimi 244*62c56f98SSadaf Ebrahimi mbedtls_ccm_init(&ctx); 245*62c56f98SSadaf Ebrahimi TEST_EQUAL(mbedtls_ccm_setkey(&ctx, cipher_id, key->x, key->len * 8), 0); 246*62c56f98SSadaf Ebrahimi TEST_EQUAL(0, mbedtls_ccm_starts(&ctx, mode, iv->x, iv->len)); 247*62c56f98SSadaf Ebrahimi TEST_EQUAL(0, mbedtls_ccm_set_lengths(&ctx, 0, msg->len, 0)); 248*62c56f98SSadaf Ebrahimi 249*62c56f98SSadaf Ebrahimi TEST_CALLOC(output, msg->len); 250*62c56f98SSadaf Ebrahimi TEST_EQUAL(0, mbedtls_ccm_update(&ctx, msg->x, msg->len, output, msg->len, &olen)); 251*62c56f98SSadaf Ebrahimi TEST_EQUAL(result->len, olen); 252*62c56f98SSadaf Ebrahimi TEST_MEMORY_COMPARE(output, olen, result->x, result->len); 253*62c56f98SSadaf Ebrahimi 254*62c56f98SSadaf Ebrahimi TEST_EQUAL(0, mbedtls_ccm_finish(&ctx, NULL, 0)); 255*62c56f98SSadaf Ebrahimiexit: 256*62c56f98SSadaf Ebrahimi mbedtls_free(output); 257*62c56f98SSadaf Ebrahimi mbedtls_ccm_free(&ctx); 258*62c56f98SSadaf Ebrahimi} 259*62c56f98SSadaf Ebrahimi/* END_CASE */ 260*62c56f98SSadaf Ebrahimi 261*62c56f98SSadaf Ebrahimi/* BEGIN_CASE */ 262*62c56f98SSadaf Ebrahimivoid mbedtls_ccm_auth_decrypt(int cipher_id, data_t *key, 263*62c56f98SSadaf Ebrahimi data_t *msg, data_t *iv, 264*62c56f98SSadaf Ebrahimi data_t *add, int expected_tag_len, int result, 265*62c56f98SSadaf Ebrahimi data_t *expected_msg) 266*62c56f98SSadaf Ebrahimi{ 267*62c56f98SSadaf Ebrahimi mbedtls_ccm_context ctx; 268*62c56f98SSadaf Ebrahimi size_t n1, n1_add; 269*62c56f98SSadaf Ebrahimi 270*62c56f98SSadaf Ebrahimi const size_t expected_msg_len = msg->len - expected_tag_len; 271*62c56f98SSadaf Ebrahimi const uint8_t *expected_tag = msg->x + expected_msg_len; 272*62c56f98SSadaf Ebrahimi 273*62c56f98SSadaf Ebrahimi /* Prepare input/output message buffer */ 274*62c56f98SSadaf Ebrahimi uint8_t *io_msg_buf = NULL; 275*62c56f98SSadaf Ebrahimi TEST_CALLOC(io_msg_buf, expected_msg_len); 276*62c56f98SSadaf Ebrahimi if (expected_msg_len) { 277*62c56f98SSadaf Ebrahimi memcpy(io_msg_buf, msg->x, expected_msg_len); 278*62c56f98SSadaf Ebrahimi } 279*62c56f98SSadaf Ebrahimi 280*62c56f98SSadaf Ebrahimi mbedtls_ccm_init(&ctx); 281*62c56f98SSadaf Ebrahimi TEST_EQUAL(mbedtls_ccm_setkey(&ctx, cipher_id, key->x, key->len * 8), 0); 282*62c56f98SSadaf Ebrahimi /* Test with input == output */ 283*62c56f98SSadaf Ebrahimi TEST_EQUAL(mbedtls_ccm_auth_decrypt(&ctx, expected_msg_len, iv->x, iv->len, add->x, add->len, 284*62c56f98SSadaf Ebrahimi io_msg_buf, io_msg_buf, expected_tag, expected_tag_len), 285*62c56f98SSadaf Ebrahimi result); 286*62c56f98SSadaf Ebrahimi 287*62c56f98SSadaf Ebrahimi if (result == 0) { 288*62c56f98SSadaf Ebrahimi TEST_MEMORY_COMPARE(io_msg_buf, expected_msg_len, expected_msg->x, expected_msg_len); 289*62c56f98SSadaf Ebrahimi 290*62c56f98SSadaf Ebrahimi /* Prepare data_t structures for multipart testing */ 291*62c56f98SSadaf Ebrahimi const data_t encrypted = { .x = msg->x, 292*62c56f98SSadaf Ebrahimi .len = expected_msg_len }; 293*62c56f98SSadaf Ebrahimi 294*62c56f98SSadaf Ebrahimi const data_t tag_expected = { .x = (uint8_t *) expected_tag, 295*62c56f98SSadaf Ebrahimi .len = expected_tag_len }; 296*62c56f98SSadaf Ebrahimi 297*62c56f98SSadaf Ebrahimi for (n1 = 0; n1 <= expected_msg_len; n1 += 1) { 298*62c56f98SSadaf Ebrahimi for (n1_add = 0; n1_add <= add->len; n1_add += 1) { 299*62c56f98SSadaf Ebrahimi mbedtls_test_set_step(n1 * 10000 + n1_add); 300*62c56f98SSadaf Ebrahimi if (!check_multipart(&ctx, MBEDTLS_CCM_DECRYPT, 301*62c56f98SSadaf Ebrahimi iv, add, &encrypted, 302*62c56f98SSadaf Ebrahimi expected_msg, 303*62c56f98SSadaf Ebrahimi &tag_expected, 304*62c56f98SSadaf Ebrahimi n1, n1_add)) { 305*62c56f98SSadaf Ebrahimi goto exit; 306*62c56f98SSadaf Ebrahimi } 307*62c56f98SSadaf Ebrahimi } 308*62c56f98SSadaf Ebrahimi } 309*62c56f98SSadaf Ebrahimi } else { 310*62c56f98SSadaf Ebrahimi size_t i; 311*62c56f98SSadaf Ebrahimi 312*62c56f98SSadaf Ebrahimi for (i = 0; i < expected_msg_len; i++) { 313*62c56f98SSadaf Ebrahimi TEST_EQUAL(io_msg_buf[i], 0); 314*62c56f98SSadaf Ebrahimi } 315*62c56f98SSadaf Ebrahimi } 316*62c56f98SSadaf Ebrahimi 317*62c56f98SSadaf Ebrahimiexit: 318*62c56f98SSadaf Ebrahimi mbedtls_free(io_msg_buf); 319*62c56f98SSadaf Ebrahimi mbedtls_ccm_free(&ctx); 320*62c56f98SSadaf Ebrahimi} 321*62c56f98SSadaf Ebrahimi/* END_CASE */ 322*62c56f98SSadaf Ebrahimi 323*62c56f98SSadaf Ebrahimi/* BEGIN_CASE */ 324*62c56f98SSadaf Ebrahimivoid mbedtls_ccm_star_encrypt_and_tag(int cipher_id, 325*62c56f98SSadaf Ebrahimi data_t *key, data_t *msg, 326*62c56f98SSadaf Ebrahimi data_t *source_address, data_t *frame_counter, 327*62c56f98SSadaf Ebrahimi int sec_level, data_t *add, 328*62c56f98SSadaf Ebrahimi data_t *expected_result, int output_ret) 329*62c56f98SSadaf Ebrahimi{ 330*62c56f98SSadaf Ebrahimi unsigned char iv[13]; 331*62c56f98SSadaf Ebrahimi mbedtls_ccm_context ctx; 332*62c56f98SSadaf Ebrahimi size_t iv_len, expected_tag_len; 333*62c56f98SSadaf Ebrahimi size_t n1, n1_add; 334*62c56f98SSadaf Ebrahimi uint8_t *io_msg_buf = NULL; 335*62c56f98SSadaf Ebrahimi uint8_t *tag_buf = NULL; 336*62c56f98SSadaf Ebrahimi 337*62c56f98SSadaf Ebrahimi const uint8_t *expected_tag = expected_result->x + msg->len; 338*62c56f98SSadaf Ebrahimi 339*62c56f98SSadaf Ebrahimi /* Calculate tag length */ 340*62c56f98SSadaf Ebrahimi if (sec_level % 4 == 0) { 341*62c56f98SSadaf Ebrahimi expected_tag_len = 0; 342*62c56f98SSadaf Ebrahimi } else { 343*62c56f98SSadaf Ebrahimi expected_tag_len = 1 << (sec_level % 4 + 1); 344*62c56f98SSadaf Ebrahimi } 345*62c56f98SSadaf Ebrahimi 346*62c56f98SSadaf Ebrahimi /* Prepare input/output message buffer */ 347*62c56f98SSadaf Ebrahimi TEST_CALLOC(io_msg_buf, msg->len); 348*62c56f98SSadaf Ebrahimi if (msg->len) { 349*62c56f98SSadaf Ebrahimi memcpy(io_msg_buf, msg->x, msg->len); 350*62c56f98SSadaf Ebrahimi } 351*62c56f98SSadaf Ebrahimi 352*62c56f98SSadaf Ebrahimi /* Prepare tag buffer */ 353*62c56f98SSadaf Ebrahimi if (expected_tag_len == 0) { 354*62c56f98SSadaf Ebrahimi TEST_CALLOC(tag_buf, 16); 355*62c56f98SSadaf Ebrahimi } else { 356*62c56f98SSadaf Ebrahimi TEST_CALLOC(tag_buf, expected_tag_len); 357*62c56f98SSadaf Ebrahimi } 358*62c56f98SSadaf Ebrahimi 359*62c56f98SSadaf Ebrahimi /* Calculate iv */ 360*62c56f98SSadaf Ebrahimi TEST_ASSERT(source_address->len == 8); 361*62c56f98SSadaf Ebrahimi TEST_ASSERT(frame_counter->len == 4); 362*62c56f98SSadaf Ebrahimi memcpy(iv, source_address->x, source_address->len); 363*62c56f98SSadaf Ebrahimi memcpy(iv + source_address->len, frame_counter->x, frame_counter->len); 364*62c56f98SSadaf Ebrahimi iv[source_address->len + frame_counter->len] = sec_level; 365*62c56f98SSadaf Ebrahimi iv_len = sizeof(iv); 366*62c56f98SSadaf Ebrahimi 367*62c56f98SSadaf Ebrahimi mbedtls_ccm_init(&ctx); 368*62c56f98SSadaf Ebrahimi TEST_EQUAL(mbedtls_ccm_setkey(&ctx, cipher_id, 369*62c56f98SSadaf Ebrahimi key->x, key->len * 8), 0); 370*62c56f98SSadaf Ebrahimi /* Test with input == output */ 371*62c56f98SSadaf Ebrahimi TEST_EQUAL(mbedtls_ccm_star_encrypt_and_tag(&ctx, msg->len, iv, iv_len, 372*62c56f98SSadaf Ebrahimi add->x, add->len, io_msg_buf, 373*62c56f98SSadaf Ebrahimi io_msg_buf, tag_buf, expected_tag_len), output_ret); 374*62c56f98SSadaf Ebrahimi 375*62c56f98SSadaf Ebrahimi TEST_MEMORY_COMPARE(io_msg_buf, msg->len, expected_result->x, msg->len); 376*62c56f98SSadaf Ebrahimi TEST_MEMORY_COMPARE(tag_buf, expected_tag_len, expected_tag, expected_tag_len); 377*62c56f98SSadaf Ebrahimi 378*62c56f98SSadaf Ebrahimi if (output_ret == 0) { 379*62c56f98SSadaf Ebrahimi const data_t iv_data = { .x = iv, 380*62c56f98SSadaf Ebrahimi .len = iv_len }; 381*62c56f98SSadaf Ebrahimi 382*62c56f98SSadaf Ebrahimi const data_t encrypted_expected = { .x = expected_result->x, 383*62c56f98SSadaf Ebrahimi .len = msg->len }; 384*62c56f98SSadaf Ebrahimi const data_t tag_expected = { .x = (uint8_t *) expected_tag, 385*62c56f98SSadaf Ebrahimi .len = expected_tag_len }; 386*62c56f98SSadaf Ebrahimi 387*62c56f98SSadaf Ebrahimi for (n1 = 0; n1 <= msg->len; n1 += 1) { 388*62c56f98SSadaf Ebrahimi for (n1_add = 0; n1_add <= add->len; n1_add += 1) { 389*62c56f98SSadaf Ebrahimi mbedtls_test_set_step(n1 * 10000 + n1_add); 390*62c56f98SSadaf Ebrahimi if (!check_multipart(&ctx, MBEDTLS_CCM_STAR_ENCRYPT, 391*62c56f98SSadaf Ebrahimi &iv_data, add, msg, 392*62c56f98SSadaf Ebrahimi &encrypted_expected, 393*62c56f98SSadaf Ebrahimi &tag_expected, 394*62c56f98SSadaf Ebrahimi n1, n1_add)) { 395*62c56f98SSadaf Ebrahimi goto exit; 396*62c56f98SSadaf Ebrahimi } 397*62c56f98SSadaf Ebrahimi } 398*62c56f98SSadaf Ebrahimi } 399*62c56f98SSadaf Ebrahimi } 400*62c56f98SSadaf Ebrahimi 401*62c56f98SSadaf Ebrahimiexit: 402*62c56f98SSadaf Ebrahimi mbedtls_ccm_free(&ctx); 403*62c56f98SSadaf Ebrahimi mbedtls_free(io_msg_buf); 404*62c56f98SSadaf Ebrahimi mbedtls_free(tag_buf); 405*62c56f98SSadaf Ebrahimi} 406*62c56f98SSadaf Ebrahimi/* END_CASE */ 407*62c56f98SSadaf Ebrahimi 408*62c56f98SSadaf Ebrahimi/* BEGIN_CASE */ 409*62c56f98SSadaf Ebrahimivoid mbedtls_ccm_star_auth_decrypt(int cipher_id, 410*62c56f98SSadaf Ebrahimi data_t *key, data_t *msg, 411*62c56f98SSadaf Ebrahimi data_t *source_address, data_t *frame_counter, 412*62c56f98SSadaf Ebrahimi int sec_level, data_t *add, 413*62c56f98SSadaf Ebrahimi data_t *expected_result, int output_ret) 414*62c56f98SSadaf Ebrahimi{ 415*62c56f98SSadaf Ebrahimi unsigned char iv[13]; 416*62c56f98SSadaf Ebrahimi mbedtls_ccm_context ctx; 417*62c56f98SSadaf Ebrahimi size_t iv_len, expected_tag_len; 418*62c56f98SSadaf Ebrahimi size_t n1, n1_add; 419*62c56f98SSadaf Ebrahimi 420*62c56f98SSadaf Ebrahimi /* Calculate tag length */ 421*62c56f98SSadaf Ebrahimi if (sec_level % 4 == 0) { 422*62c56f98SSadaf Ebrahimi expected_tag_len = 0; 423*62c56f98SSadaf Ebrahimi } else { 424*62c56f98SSadaf Ebrahimi expected_tag_len = 1 << (sec_level % 4 + 1); 425*62c56f98SSadaf Ebrahimi } 426*62c56f98SSadaf Ebrahimi 427*62c56f98SSadaf Ebrahimi const size_t expected_msg_len = msg->len - expected_tag_len; 428*62c56f98SSadaf Ebrahimi const uint8_t *expected_tag = msg->x + expected_msg_len; 429*62c56f98SSadaf Ebrahimi 430*62c56f98SSadaf Ebrahimi /* Prepare input/output message buffer */ 431*62c56f98SSadaf Ebrahimi uint8_t *io_msg_buf = NULL; 432*62c56f98SSadaf Ebrahimi TEST_CALLOC(io_msg_buf, expected_msg_len); 433*62c56f98SSadaf Ebrahimi if (expected_msg_len) { 434*62c56f98SSadaf Ebrahimi memcpy(io_msg_buf, msg->x, expected_msg_len); 435*62c56f98SSadaf Ebrahimi } 436*62c56f98SSadaf Ebrahimi 437*62c56f98SSadaf Ebrahimi /* Calculate iv */ 438*62c56f98SSadaf Ebrahimi memset(iv, 0x00, sizeof(iv)); 439*62c56f98SSadaf Ebrahimi TEST_ASSERT(source_address->len == 8); 440*62c56f98SSadaf Ebrahimi TEST_ASSERT(frame_counter->len == 4); 441*62c56f98SSadaf Ebrahimi memcpy(iv, source_address->x, source_address->len); 442*62c56f98SSadaf Ebrahimi memcpy(iv + source_address->len, frame_counter->x, frame_counter->len); 443*62c56f98SSadaf Ebrahimi iv[source_address->len + frame_counter->len] = sec_level; 444*62c56f98SSadaf Ebrahimi iv_len = sizeof(iv); 445*62c56f98SSadaf Ebrahimi 446*62c56f98SSadaf Ebrahimi mbedtls_ccm_init(&ctx); 447*62c56f98SSadaf Ebrahimi TEST_ASSERT(mbedtls_ccm_setkey(&ctx, cipher_id, key->x, key->len * 8) == 0); 448*62c56f98SSadaf Ebrahimi /* Test with input == output */ 449*62c56f98SSadaf Ebrahimi TEST_EQUAL(mbedtls_ccm_star_auth_decrypt(&ctx, expected_msg_len, iv, iv_len, 450*62c56f98SSadaf Ebrahimi add->x, add->len, io_msg_buf, io_msg_buf, 451*62c56f98SSadaf Ebrahimi expected_tag, expected_tag_len), output_ret); 452*62c56f98SSadaf Ebrahimi 453*62c56f98SSadaf Ebrahimi TEST_MEMORY_COMPARE(io_msg_buf, expected_msg_len, expected_result->x, expected_msg_len); 454*62c56f98SSadaf Ebrahimi 455*62c56f98SSadaf Ebrahimi if (output_ret == 0) { 456*62c56f98SSadaf Ebrahimi const data_t iv_data = { .x = iv, 457*62c56f98SSadaf Ebrahimi .len = iv_len }; 458*62c56f98SSadaf Ebrahimi 459*62c56f98SSadaf Ebrahimi const data_t encrypted = { .x = msg->x, 460*62c56f98SSadaf Ebrahimi .len = expected_msg_len }; 461*62c56f98SSadaf Ebrahimi 462*62c56f98SSadaf Ebrahimi const data_t tag_expected = { .x = (uint8_t *) expected_tag, 463*62c56f98SSadaf Ebrahimi .len = expected_tag_len }; 464*62c56f98SSadaf Ebrahimi 465*62c56f98SSadaf Ebrahimi for (n1 = 0; n1 <= expected_msg_len; n1 += 1) { 466*62c56f98SSadaf Ebrahimi for (n1_add = 0; n1_add <= add->len; n1_add += 1) { 467*62c56f98SSadaf Ebrahimi mbedtls_test_set_step(n1 * 10000 + n1_add); 468*62c56f98SSadaf Ebrahimi if (!check_multipart(&ctx, MBEDTLS_CCM_STAR_DECRYPT, 469*62c56f98SSadaf Ebrahimi &iv_data, add, &encrypted, 470*62c56f98SSadaf Ebrahimi expected_result, 471*62c56f98SSadaf Ebrahimi &tag_expected, 472*62c56f98SSadaf Ebrahimi n1, n1_add)) { 473*62c56f98SSadaf Ebrahimi goto exit; 474*62c56f98SSadaf Ebrahimi } 475*62c56f98SSadaf Ebrahimi } 476*62c56f98SSadaf Ebrahimi } 477*62c56f98SSadaf Ebrahimi } 478*62c56f98SSadaf Ebrahimi 479*62c56f98SSadaf Ebrahimiexit: 480*62c56f98SSadaf Ebrahimi mbedtls_ccm_free(&ctx); 481*62c56f98SSadaf Ebrahimi mbedtls_free(io_msg_buf); 482*62c56f98SSadaf Ebrahimi} 483*62c56f98SSadaf Ebrahimi/* END_CASE */ 484*62c56f98SSadaf Ebrahimi 485*62c56f98SSadaf Ebrahimi/* Skip auth data, provide full text */ 486*62c56f98SSadaf Ebrahimi/* BEGIN_CASE */ 487*62c56f98SSadaf Ebrahimivoid mbedtls_ccm_skip_ad(int cipher_id, int mode, 488*62c56f98SSadaf Ebrahimi data_t *key, data_t *msg, data_t *iv, 489*62c56f98SSadaf Ebrahimi data_t *result, data_t *tag) 490*62c56f98SSadaf Ebrahimi{ 491*62c56f98SSadaf Ebrahimi mbedtls_ccm_context ctx; 492*62c56f98SSadaf Ebrahimi uint8_t *output = NULL; 493*62c56f98SSadaf Ebrahimi size_t olen; 494*62c56f98SSadaf Ebrahimi 495*62c56f98SSadaf Ebrahimi /* Sanity checks on the test data */ 496*62c56f98SSadaf Ebrahimi TEST_EQUAL(msg->len, result->len); 497*62c56f98SSadaf Ebrahimi 498*62c56f98SSadaf Ebrahimi mbedtls_ccm_init(&ctx); 499*62c56f98SSadaf Ebrahimi TEST_EQUAL(mbedtls_ccm_setkey(&ctx, cipher_id, key->x, key->len * 8), 0); 500*62c56f98SSadaf Ebrahimi TEST_EQUAL(0, mbedtls_ccm_starts(&ctx, mode, iv->x, iv->len)); 501*62c56f98SSadaf Ebrahimi TEST_EQUAL(0, mbedtls_ccm_set_lengths(&ctx, 0, msg->len, tag->len)); 502*62c56f98SSadaf Ebrahimi 503*62c56f98SSadaf Ebrahimi TEST_CALLOC(output, result->len); 504*62c56f98SSadaf Ebrahimi olen = 0xdeadbeef; 505*62c56f98SSadaf Ebrahimi TEST_EQUAL(0, mbedtls_ccm_update(&ctx, msg->x, msg->len, output, result->len, &olen)); 506*62c56f98SSadaf Ebrahimi TEST_EQUAL(result->len, olen); 507*62c56f98SSadaf Ebrahimi TEST_MEMORY_COMPARE(output, olen, result->x, result->len); 508*62c56f98SSadaf Ebrahimi mbedtls_free(output); 509*62c56f98SSadaf Ebrahimi output = NULL; 510*62c56f98SSadaf Ebrahimi 511*62c56f98SSadaf Ebrahimi TEST_CALLOC(output, tag->len); 512*62c56f98SSadaf Ebrahimi TEST_EQUAL(0, mbedtls_ccm_finish(&ctx, output, tag->len)); 513*62c56f98SSadaf Ebrahimi TEST_MEMORY_COMPARE(output, tag->len, tag->x, tag->len); 514*62c56f98SSadaf Ebrahimi mbedtls_free(output); 515*62c56f98SSadaf Ebrahimi output = NULL; 516*62c56f98SSadaf Ebrahimi 517*62c56f98SSadaf Ebrahimiexit: 518*62c56f98SSadaf Ebrahimi mbedtls_free(output); 519*62c56f98SSadaf Ebrahimi mbedtls_ccm_free(&ctx); 520*62c56f98SSadaf Ebrahimi} 521*62c56f98SSadaf Ebrahimi/* END_CASE */ 522*62c56f98SSadaf Ebrahimi 523*62c56f98SSadaf Ebrahimi/* Provide auth data, skip full text */ 524*62c56f98SSadaf Ebrahimi/* BEGIN_CASE */ 525*62c56f98SSadaf Ebrahimivoid mbedtls_ccm_skip_update(int cipher_id, int mode, 526*62c56f98SSadaf Ebrahimi data_t *key, data_t *iv, data_t *add, 527*62c56f98SSadaf Ebrahimi data_t *tag) 528*62c56f98SSadaf Ebrahimi{ 529*62c56f98SSadaf Ebrahimi mbedtls_ccm_context ctx; 530*62c56f98SSadaf Ebrahimi uint8_t *output = NULL; 531*62c56f98SSadaf Ebrahimi 532*62c56f98SSadaf Ebrahimi mbedtls_ccm_init(&ctx); 533*62c56f98SSadaf Ebrahimi TEST_EQUAL(mbedtls_ccm_setkey(&ctx, cipher_id, key->x, key->len * 8), 0); 534*62c56f98SSadaf Ebrahimi TEST_EQUAL(0, mbedtls_ccm_starts(&ctx, mode, iv->x, iv->len)); 535*62c56f98SSadaf Ebrahimi TEST_EQUAL(0, mbedtls_ccm_set_lengths(&ctx, add->len, 0, tag->len)); 536*62c56f98SSadaf Ebrahimi 537*62c56f98SSadaf Ebrahimi TEST_EQUAL(0, mbedtls_ccm_update_ad(&ctx, add->x, add->len)); 538*62c56f98SSadaf Ebrahimi 539*62c56f98SSadaf Ebrahimi TEST_CALLOC(output, tag->len); 540*62c56f98SSadaf Ebrahimi TEST_EQUAL(0, mbedtls_ccm_finish(&ctx, output, tag->len)); 541*62c56f98SSadaf Ebrahimi TEST_MEMORY_COMPARE(output, tag->len, tag->x, tag->len); 542*62c56f98SSadaf Ebrahimi mbedtls_free(output); 543*62c56f98SSadaf Ebrahimi output = NULL; 544*62c56f98SSadaf Ebrahimi 545*62c56f98SSadaf Ebrahimiexit: 546*62c56f98SSadaf Ebrahimi mbedtls_free(output); 547*62c56f98SSadaf Ebrahimi mbedtls_ccm_free(&ctx); 548*62c56f98SSadaf Ebrahimi} 549*62c56f98SSadaf Ebrahimi/* END_CASE */ 550*62c56f98SSadaf Ebrahimi 551*62c56f98SSadaf Ebrahimi/* Provide too much auth data */ 552*62c56f98SSadaf Ebrahimi/* BEGIN_CASE */ 553*62c56f98SSadaf Ebrahimivoid mbedtls_ccm_overflow_ad(int cipher_id, int mode, 554*62c56f98SSadaf Ebrahimi data_t *key, data_t *iv, 555*62c56f98SSadaf Ebrahimi data_t *add) 556*62c56f98SSadaf Ebrahimi{ 557*62c56f98SSadaf Ebrahimi mbedtls_ccm_context ctx; 558*62c56f98SSadaf Ebrahimi 559*62c56f98SSadaf Ebrahimi mbedtls_ccm_init(&ctx); 560*62c56f98SSadaf Ebrahimi TEST_EQUAL(mbedtls_ccm_setkey(&ctx, cipher_id, key->x, key->len * 8), 0); 561*62c56f98SSadaf Ebrahimi TEST_EQUAL(0, mbedtls_ccm_starts(&ctx, mode, iv->x, iv->len)); 562*62c56f98SSadaf Ebrahimi // use hardcoded values for msg length and tag length. They are not a part of this test 563*62c56f98SSadaf Ebrahimi // subtract 1 from configured auth data length to provoke an overflow 564*62c56f98SSadaf Ebrahimi TEST_EQUAL(0, mbedtls_ccm_set_lengths(&ctx, add->len - 1, 16, 16)); 565*62c56f98SSadaf Ebrahimi 566*62c56f98SSadaf Ebrahimi TEST_EQUAL(MBEDTLS_ERR_CCM_BAD_INPUT, mbedtls_ccm_update_ad(&ctx, add->x, add->len)); 567*62c56f98SSadaf Ebrahimiexit: 568*62c56f98SSadaf Ebrahimi mbedtls_ccm_free(&ctx); 569*62c56f98SSadaf Ebrahimi} 570*62c56f98SSadaf Ebrahimi/* END_CASE */ 571*62c56f98SSadaf Ebrahimi 572*62c56f98SSadaf Ebrahimi/* Provide unexpected auth data */ 573*62c56f98SSadaf Ebrahimi/* BEGIN_CASE */ 574*62c56f98SSadaf Ebrahimivoid mbedtls_ccm_unexpected_ad(int cipher_id, int mode, 575*62c56f98SSadaf Ebrahimi data_t *key, data_t *iv, 576*62c56f98SSadaf Ebrahimi data_t *add) 577*62c56f98SSadaf Ebrahimi{ 578*62c56f98SSadaf Ebrahimi mbedtls_ccm_context ctx; 579*62c56f98SSadaf Ebrahimi 580*62c56f98SSadaf Ebrahimi mbedtls_ccm_init(&ctx); 581*62c56f98SSadaf Ebrahimi TEST_EQUAL(mbedtls_ccm_setkey(&ctx, cipher_id, key->x, key->len * 8), 0); 582*62c56f98SSadaf Ebrahimi TEST_EQUAL(0, mbedtls_ccm_starts(&ctx, mode, iv->x, iv->len)); 583*62c56f98SSadaf Ebrahimi // use hardcoded values for msg length and tag length. They are not a part of this test 584*62c56f98SSadaf Ebrahimi TEST_EQUAL(0, mbedtls_ccm_set_lengths(&ctx, 0, 16, 16)); 585*62c56f98SSadaf Ebrahimi 586*62c56f98SSadaf Ebrahimi TEST_EQUAL(MBEDTLS_ERR_CCM_BAD_INPUT, mbedtls_ccm_update_ad(&ctx, add->x, add->len)); 587*62c56f98SSadaf Ebrahimiexit: 588*62c56f98SSadaf Ebrahimi mbedtls_ccm_free(&ctx); 589*62c56f98SSadaf Ebrahimi} 590*62c56f98SSadaf Ebrahimi/* END_CASE */ 591*62c56f98SSadaf Ebrahimi 592*62c56f98SSadaf Ebrahimi/* Provide unexpected plaintext/ciphertext data */ 593*62c56f98SSadaf Ebrahimi/* BEGIN_CASE */ 594*62c56f98SSadaf Ebrahimivoid mbedtls_ccm_unexpected_text(int cipher_id, int mode, 595*62c56f98SSadaf Ebrahimi data_t *key, data_t *msg, data_t *iv, 596*62c56f98SSadaf Ebrahimi data_t *add) 597*62c56f98SSadaf Ebrahimi{ 598*62c56f98SSadaf Ebrahimi mbedtls_ccm_context ctx; 599*62c56f98SSadaf Ebrahimi uint8_t *output = NULL; 600*62c56f98SSadaf Ebrahimi size_t olen; 601*62c56f98SSadaf Ebrahimi 602*62c56f98SSadaf Ebrahimi mbedtls_ccm_init(&ctx); 603*62c56f98SSadaf Ebrahimi TEST_EQUAL(mbedtls_ccm_setkey(&ctx, cipher_id, key->x, key->len * 8), 0); 604*62c56f98SSadaf Ebrahimi TEST_EQUAL(0, mbedtls_ccm_starts(&ctx, mode, iv->x, iv->len)); 605*62c56f98SSadaf Ebrahimi // use hardcoded value for tag length. It is not a part of this test 606*62c56f98SSadaf Ebrahimi TEST_EQUAL(0, mbedtls_ccm_set_lengths(&ctx, add->len, 0, 16)); 607*62c56f98SSadaf Ebrahimi 608*62c56f98SSadaf Ebrahimi TEST_EQUAL(0, mbedtls_ccm_update_ad(&ctx, add->x, add->len)); 609*62c56f98SSadaf Ebrahimi 610*62c56f98SSadaf Ebrahimi TEST_CALLOC(output, msg->len); 611*62c56f98SSadaf Ebrahimi olen = 0xdeadbeef; 612*62c56f98SSadaf Ebrahimi TEST_EQUAL(MBEDTLS_ERR_CCM_BAD_INPUT, 613*62c56f98SSadaf Ebrahimi mbedtls_ccm_update(&ctx, msg->x, msg->len, output, msg->len, &olen)); 614*62c56f98SSadaf Ebrahimiexit: 615*62c56f98SSadaf Ebrahimi mbedtls_free(output); 616*62c56f98SSadaf Ebrahimi mbedtls_ccm_free(&ctx); 617*62c56f98SSadaf Ebrahimi} 618*62c56f98SSadaf Ebrahimi/* END_CASE */ 619*62c56f98SSadaf Ebrahimi 620*62c56f98SSadaf Ebrahimi/* Provide incomplete auth data and finish */ 621*62c56f98SSadaf Ebrahimi/* BEGIN_CASE */ 622*62c56f98SSadaf Ebrahimivoid mbedtls_ccm_incomplete_ad(int cipher_id, int mode, 623*62c56f98SSadaf Ebrahimi data_t *key, data_t *iv, data_t *add) 624*62c56f98SSadaf Ebrahimi{ 625*62c56f98SSadaf Ebrahimi mbedtls_ccm_context ctx; 626*62c56f98SSadaf Ebrahimi uint8_t *output = NULL; 627*62c56f98SSadaf Ebrahimi 628*62c56f98SSadaf Ebrahimi mbedtls_ccm_init(&ctx); 629*62c56f98SSadaf Ebrahimi TEST_EQUAL(mbedtls_ccm_setkey(&ctx, cipher_id, key->x, key->len * 8), 0); 630*62c56f98SSadaf Ebrahimi TEST_EQUAL(0, mbedtls_ccm_starts(&ctx, mode, iv->x, iv->len)); 631*62c56f98SSadaf Ebrahimi // use hardcoded values for msg length and tag length. They are not a part of this test 632*62c56f98SSadaf Ebrahimi TEST_EQUAL(0, mbedtls_ccm_set_lengths(&ctx, add->len, 0, 16)); 633*62c56f98SSadaf Ebrahimi 634*62c56f98SSadaf Ebrahimi TEST_EQUAL(0, mbedtls_ccm_update_ad(&ctx, add->x, add->len - 1)); 635*62c56f98SSadaf Ebrahimi 636*62c56f98SSadaf Ebrahimi TEST_CALLOC(output, 16); 637*62c56f98SSadaf Ebrahimi TEST_EQUAL(MBEDTLS_ERR_CCM_BAD_INPUT, mbedtls_ccm_finish(&ctx, output, 16)); 638*62c56f98SSadaf Ebrahimi 639*62c56f98SSadaf Ebrahimiexit: 640*62c56f98SSadaf Ebrahimi mbedtls_free(output); 641*62c56f98SSadaf Ebrahimi mbedtls_ccm_free(&ctx); 642*62c56f98SSadaf Ebrahimi} 643*62c56f98SSadaf Ebrahimi/* END_CASE */ 644*62c56f98SSadaf Ebrahimi 645*62c56f98SSadaf Ebrahimi/* Provide complete auth data on first update_ad. 646*62c56f98SSadaf Ebrahimi * Provide unexpected auth data on second update_ad */ 647*62c56f98SSadaf Ebrahimi/* BEGIN_CASE */ 648*62c56f98SSadaf Ebrahimivoid mbedtls_ccm_full_ad_and_overflow(int cipher_id, int mode, 649*62c56f98SSadaf Ebrahimi data_t *key, data_t *iv, 650*62c56f98SSadaf Ebrahimi data_t *add) 651*62c56f98SSadaf Ebrahimi{ 652*62c56f98SSadaf Ebrahimi mbedtls_ccm_context ctx; 653*62c56f98SSadaf Ebrahimi 654*62c56f98SSadaf Ebrahimi mbedtls_ccm_init(&ctx); 655*62c56f98SSadaf Ebrahimi TEST_EQUAL(mbedtls_ccm_setkey(&ctx, cipher_id, key->x, key->len * 8), 0); 656*62c56f98SSadaf Ebrahimi TEST_EQUAL(0, mbedtls_ccm_starts(&ctx, mode, iv->x, iv->len)); 657*62c56f98SSadaf Ebrahimi // use hardcoded values for msg length and tag length. They are not a part of this test 658*62c56f98SSadaf Ebrahimi TEST_EQUAL(0, mbedtls_ccm_set_lengths(&ctx, add->len, 16, 16)); 659*62c56f98SSadaf Ebrahimi 660*62c56f98SSadaf Ebrahimi // pass full auth data 661*62c56f98SSadaf Ebrahimi TEST_EQUAL(0, mbedtls_ccm_update_ad(&ctx, add->x, add->len)); 662*62c56f98SSadaf Ebrahimi // pass 1 extra byte 663*62c56f98SSadaf Ebrahimi TEST_EQUAL(MBEDTLS_ERR_CCM_BAD_INPUT, mbedtls_ccm_update_ad(&ctx, add->x, 1)); 664*62c56f98SSadaf Ebrahimiexit: 665*62c56f98SSadaf Ebrahimi mbedtls_ccm_free(&ctx); 666*62c56f98SSadaf Ebrahimi} 667*62c56f98SSadaf Ebrahimi/* END_CASE */ 668*62c56f98SSadaf Ebrahimi 669*62c56f98SSadaf Ebrahimi/* Provide incomplete auth data on first update_ad. 670*62c56f98SSadaf Ebrahimi * Provide too much auth data on second update_ad */ 671*62c56f98SSadaf Ebrahimi/* BEGIN_CASE */ 672*62c56f98SSadaf Ebrahimivoid mbedtls_ccm_incomplete_ad_and_overflow(int cipher_id, int mode, 673*62c56f98SSadaf Ebrahimi data_t *key, data_t *iv, 674*62c56f98SSadaf Ebrahimi data_t *add) 675*62c56f98SSadaf Ebrahimi{ 676*62c56f98SSadaf Ebrahimi mbedtls_ccm_context ctx; 677*62c56f98SSadaf Ebrahimi uint8_t add_second_buffer[2]; 678*62c56f98SSadaf Ebrahimi 679*62c56f98SSadaf Ebrahimi add_second_buffer[0] = add->x[add->len - 1]; 680*62c56f98SSadaf Ebrahimi add_second_buffer[1] = 0xAB; // some magic value 681*62c56f98SSadaf Ebrahimi 682*62c56f98SSadaf Ebrahimi mbedtls_ccm_init(&ctx); 683*62c56f98SSadaf Ebrahimi TEST_EQUAL(mbedtls_ccm_setkey(&ctx, cipher_id, key->x, key->len * 8), 0); 684*62c56f98SSadaf Ebrahimi TEST_EQUAL(0, mbedtls_ccm_starts(&ctx, mode, iv->x, iv->len)); 685*62c56f98SSadaf Ebrahimi // use hardcoded values for msg length and tag length. They are not a part of this test 686*62c56f98SSadaf Ebrahimi TEST_EQUAL(0, mbedtls_ccm_set_lengths(&ctx, add->len, 16, 16)); 687*62c56f98SSadaf Ebrahimi 688*62c56f98SSadaf Ebrahimi // pass incomplete auth data 689*62c56f98SSadaf Ebrahimi TEST_EQUAL(0, mbedtls_ccm_update_ad(&ctx, add->x, add->len - 1)); 690*62c56f98SSadaf Ebrahimi // pass 2 extra bytes (1 missing byte from previous incomplete pass, and 1 unexpected byte) 691*62c56f98SSadaf Ebrahimi TEST_EQUAL(MBEDTLS_ERR_CCM_BAD_INPUT, mbedtls_ccm_update_ad(&ctx, add_second_buffer, 2)); 692*62c56f98SSadaf Ebrahimiexit: 693*62c56f98SSadaf Ebrahimi mbedtls_ccm_free(&ctx); 694*62c56f98SSadaf Ebrahimi} 695*62c56f98SSadaf Ebrahimi/* END_CASE */ 696*62c56f98SSadaf Ebrahimi 697*62c56f98SSadaf Ebrahimi/* Provide too much plaintext/ciphertext */ 698*62c56f98SSadaf Ebrahimi/* BEGIN_CASE */ 699*62c56f98SSadaf Ebrahimivoid mbedtls_ccm_overflow_update(int cipher_id, int mode, 700*62c56f98SSadaf Ebrahimi data_t *key, data_t *msg, data_t *iv, 701*62c56f98SSadaf Ebrahimi data_t *add) 702*62c56f98SSadaf Ebrahimi{ 703*62c56f98SSadaf Ebrahimi mbedtls_ccm_context ctx; 704*62c56f98SSadaf Ebrahimi uint8_t *output = NULL; 705*62c56f98SSadaf Ebrahimi size_t olen; 706*62c56f98SSadaf Ebrahimi 707*62c56f98SSadaf Ebrahimi mbedtls_ccm_init(&ctx); 708*62c56f98SSadaf Ebrahimi TEST_EQUAL(mbedtls_ccm_setkey(&ctx, cipher_id, key->x, key->len * 8), 0); 709*62c56f98SSadaf Ebrahimi TEST_EQUAL(0, mbedtls_ccm_starts(&ctx, mode, iv->x, iv->len)); 710*62c56f98SSadaf Ebrahimi // use hardcoded value for tag length. It is a not a part of this test 711*62c56f98SSadaf Ebrahimi // subtract 1 from configured msg length to provoke an overflow 712*62c56f98SSadaf Ebrahimi TEST_EQUAL(0, mbedtls_ccm_set_lengths(&ctx, add->len, msg->len - 1, 16)); 713*62c56f98SSadaf Ebrahimi 714*62c56f98SSadaf Ebrahimi TEST_EQUAL(0, mbedtls_ccm_update_ad(&ctx, add->x, add->len)); 715*62c56f98SSadaf Ebrahimi 716*62c56f98SSadaf Ebrahimi TEST_CALLOC(output, msg->len); 717*62c56f98SSadaf Ebrahimi TEST_EQUAL(MBEDTLS_ERR_CCM_BAD_INPUT, \ 718*62c56f98SSadaf Ebrahimi mbedtls_ccm_update(&ctx, msg->x, msg->len, output, msg->len, &olen)); 719*62c56f98SSadaf Ebrahimiexit: 720*62c56f98SSadaf Ebrahimi mbedtls_free(output); 721*62c56f98SSadaf Ebrahimi mbedtls_ccm_free(&ctx); 722*62c56f98SSadaf Ebrahimi} 723*62c56f98SSadaf Ebrahimi/* END_CASE */ 724*62c56f98SSadaf Ebrahimi 725*62c56f98SSadaf Ebrahimi/* Provide incomplete plaintext/ciphertext and finish */ 726*62c56f98SSadaf Ebrahimi/* BEGIN_CASE */ 727*62c56f98SSadaf Ebrahimivoid mbedtls_ccm_incomplete_update(int cipher_id, int mode, 728*62c56f98SSadaf Ebrahimi data_t *key, data_t *msg, data_t *iv, 729*62c56f98SSadaf Ebrahimi data_t *add) 730*62c56f98SSadaf Ebrahimi{ 731*62c56f98SSadaf Ebrahimi mbedtls_ccm_context ctx; 732*62c56f98SSadaf Ebrahimi uint8_t *output = NULL; 733*62c56f98SSadaf Ebrahimi size_t olen; 734*62c56f98SSadaf Ebrahimi 735*62c56f98SSadaf Ebrahimi mbedtls_ccm_init(&ctx); 736*62c56f98SSadaf Ebrahimi TEST_EQUAL(mbedtls_ccm_setkey(&ctx, cipher_id, key->x, key->len * 8), 0); 737*62c56f98SSadaf Ebrahimi TEST_EQUAL(0, mbedtls_ccm_starts(&ctx, mode, iv->x, iv->len)); 738*62c56f98SSadaf Ebrahimi // use hardcoded value for tag length. It is not a part of this test 739*62c56f98SSadaf Ebrahimi TEST_EQUAL(0, mbedtls_ccm_set_lengths(&ctx, add->len, msg->len, 16)); 740*62c56f98SSadaf Ebrahimi 741*62c56f98SSadaf Ebrahimi TEST_EQUAL(0, mbedtls_ccm_update_ad(&ctx, add->x, add->len)); 742*62c56f98SSadaf Ebrahimi 743*62c56f98SSadaf Ebrahimi TEST_CALLOC(output, msg->len); 744*62c56f98SSadaf Ebrahimi olen = 0xdeadbeef; 745*62c56f98SSadaf Ebrahimi TEST_EQUAL(0, mbedtls_ccm_update(&ctx, msg->x, msg->len - 1, output, msg->len, &olen)); 746*62c56f98SSadaf Ebrahimi mbedtls_free(output); 747*62c56f98SSadaf Ebrahimi output = NULL; 748*62c56f98SSadaf Ebrahimi 749*62c56f98SSadaf Ebrahimi TEST_CALLOC(output, 16); 750*62c56f98SSadaf Ebrahimi TEST_EQUAL(MBEDTLS_ERR_CCM_BAD_INPUT, mbedtls_ccm_finish(&ctx, output, 16)); 751*62c56f98SSadaf Ebrahimi 752*62c56f98SSadaf Ebrahimiexit: 753*62c56f98SSadaf Ebrahimi mbedtls_free(output); 754*62c56f98SSadaf Ebrahimi mbedtls_ccm_free(&ctx); 755*62c56f98SSadaf Ebrahimi} 756*62c56f98SSadaf Ebrahimi/* END_CASE */ 757*62c56f98SSadaf Ebrahimi 758*62c56f98SSadaf Ebrahimi/* Provide full plaintext/ciphertext of first update 759*62c56f98SSadaf Ebrahimi * Provide unexpected plaintext/ciphertext on second update */ 760*62c56f98SSadaf Ebrahimi/* BEGIN_CASE */ 761*62c56f98SSadaf Ebrahimivoid mbedtls_ccm_full_update_and_overflow(int cipher_id, int mode, 762*62c56f98SSadaf Ebrahimi data_t *key, data_t *msg, data_t *iv, 763*62c56f98SSadaf Ebrahimi data_t *add) 764*62c56f98SSadaf Ebrahimi{ 765*62c56f98SSadaf Ebrahimi mbedtls_ccm_context ctx; 766*62c56f98SSadaf Ebrahimi uint8_t *output = NULL; 767*62c56f98SSadaf Ebrahimi size_t olen; 768*62c56f98SSadaf Ebrahimi 769*62c56f98SSadaf Ebrahimi mbedtls_ccm_init(&ctx); 770*62c56f98SSadaf Ebrahimi TEST_EQUAL(mbedtls_ccm_setkey(&ctx, cipher_id, key->x, key->len * 8), 0); 771*62c56f98SSadaf Ebrahimi TEST_EQUAL(0, mbedtls_ccm_starts(&ctx, mode, iv->x, iv->len)); 772*62c56f98SSadaf Ebrahimi // use hardcoded value for tag length. It is a not a part of this test 773*62c56f98SSadaf Ebrahimi TEST_EQUAL(0, mbedtls_ccm_set_lengths(&ctx, add->len, msg->len, 16)); 774*62c56f98SSadaf Ebrahimi 775*62c56f98SSadaf Ebrahimi TEST_EQUAL(0, mbedtls_ccm_update_ad(&ctx, add->x, add->len)); 776*62c56f98SSadaf Ebrahimi 777*62c56f98SSadaf Ebrahimi TEST_CALLOC(output, msg->len); 778*62c56f98SSadaf Ebrahimi // pass full text 779*62c56f98SSadaf Ebrahimi TEST_EQUAL(0, mbedtls_ccm_update(&ctx, msg->x, msg->len, output, msg->len, &olen)); 780*62c56f98SSadaf Ebrahimi // pass 1 extra byte 781*62c56f98SSadaf Ebrahimi TEST_EQUAL(MBEDTLS_ERR_CCM_BAD_INPUT, \ 782*62c56f98SSadaf Ebrahimi mbedtls_ccm_update(&ctx, msg->x, 1, output, 1, &olen)); 783*62c56f98SSadaf Ebrahimiexit: 784*62c56f98SSadaf Ebrahimi mbedtls_free(output); 785*62c56f98SSadaf Ebrahimi mbedtls_ccm_free(&ctx); 786*62c56f98SSadaf Ebrahimi} 787*62c56f98SSadaf Ebrahimi/* END_CASE */ 788*62c56f98SSadaf Ebrahimi 789*62c56f98SSadaf Ebrahimi/* Provide incomplete plaintext/ciphertext of first update 790*62c56f98SSadaf Ebrahimi * Provide too much plaintext/ciphertext on second update */ 791*62c56f98SSadaf Ebrahimi/* BEGIN_CASE */ 792*62c56f98SSadaf Ebrahimivoid mbedtls_ccm_incomplete_update_overflow(int cipher_id, int mode, 793*62c56f98SSadaf Ebrahimi data_t *key, data_t *msg, data_t *iv, 794*62c56f98SSadaf Ebrahimi data_t *add) 795*62c56f98SSadaf Ebrahimi{ 796*62c56f98SSadaf Ebrahimi mbedtls_ccm_context ctx; 797*62c56f98SSadaf Ebrahimi uint8_t *output = NULL; 798*62c56f98SSadaf Ebrahimi size_t olen; 799*62c56f98SSadaf Ebrahimi uint8_t msg_second_buffer[2]; 800*62c56f98SSadaf Ebrahimi 801*62c56f98SSadaf Ebrahimi msg_second_buffer[0] = msg->x[msg->len - 1]; 802*62c56f98SSadaf Ebrahimi msg_second_buffer[1] = 0xAB; // some magic value 803*62c56f98SSadaf Ebrahimi 804*62c56f98SSadaf Ebrahimi mbedtls_ccm_init(&ctx); 805*62c56f98SSadaf Ebrahimi TEST_EQUAL(mbedtls_ccm_setkey(&ctx, cipher_id, key->x, key->len * 8), 0); 806*62c56f98SSadaf Ebrahimi TEST_EQUAL(0, mbedtls_ccm_starts(&ctx, mode, iv->x, iv->len)); 807*62c56f98SSadaf Ebrahimi // use hardcoded value for tag length. It is a not a part of this test 808*62c56f98SSadaf Ebrahimi TEST_EQUAL(0, mbedtls_ccm_set_lengths(&ctx, add->len, msg->len, 16)); 809*62c56f98SSadaf Ebrahimi 810*62c56f98SSadaf Ebrahimi TEST_EQUAL(0, mbedtls_ccm_update_ad(&ctx, add->x, add->len)); 811*62c56f98SSadaf Ebrahimi 812*62c56f98SSadaf Ebrahimi TEST_CALLOC(output, msg->len + 1); 813*62c56f98SSadaf Ebrahimi // pass incomplete text 814*62c56f98SSadaf Ebrahimi TEST_EQUAL(0, mbedtls_ccm_update(&ctx, msg->x, msg->len - 1, output, msg->len + 1, &olen)); 815*62c56f98SSadaf Ebrahimi // pass 2 extra bytes (1 missing byte from previous incomplete pass, and 1 unexpected byte) 816*62c56f98SSadaf Ebrahimi TEST_EQUAL(MBEDTLS_ERR_CCM_BAD_INPUT, \ 817*62c56f98SSadaf Ebrahimi mbedtls_ccm_update(&ctx, msg_second_buffer, 2, output + msg->len - 1, 2, &olen)); 818*62c56f98SSadaf Ebrahimiexit: 819*62c56f98SSadaf Ebrahimi mbedtls_free(output); 820*62c56f98SSadaf Ebrahimi mbedtls_ccm_free(&ctx); 821*62c56f98SSadaf Ebrahimi} 822*62c56f98SSadaf Ebrahimi/* END_CASE */ 823*62c56f98SSadaf Ebrahimi 824*62c56f98SSadaf Ebrahimi/* Finish without passing any auth data or plaintext/ciphertext input */ 825*62c56f98SSadaf Ebrahimi/* BEGIN_CASE */ 826*62c56f98SSadaf Ebrahimivoid mbedtls_ccm_instant_finish(int cipher_id, int mode, 827*62c56f98SSadaf Ebrahimi data_t *key, data_t *iv) 828*62c56f98SSadaf Ebrahimi{ 829*62c56f98SSadaf Ebrahimi mbedtls_ccm_context ctx; 830*62c56f98SSadaf Ebrahimi uint8_t *output = NULL; 831*62c56f98SSadaf Ebrahimi 832*62c56f98SSadaf Ebrahimi mbedtls_ccm_init(&ctx); 833*62c56f98SSadaf Ebrahimi TEST_EQUAL(mbedtls_ccm_setkey(&ctx, cipher_id, key->x, key->len * 8), 0); 834*62c56f98SSadaf Ebrahimi TEST_EQUAL(0, mbedtls_ccm_starts(&ctx, mode, iv->x, iv->len)); 835*62c56f98SSadaf Ebrahimi // use hardcoded values for add length, msg length and tag length. 836*62c56f98SSadaf Ebrahimi // They are not a part of this test 837*62c56f98SSadaf Ebrahimi TEST_EQUAL(0, mbedtls_ccm_set_lengths(&ctx, 16, 16, 16)); 838*62c56f98SSadaf Ebrahimi 839*62c56f98SSadaf Ebrahimi TEST_CALLOC(output, 16); 840*62c56f98SSadaf Ebrahimi TEST_EQUAL(MBEDTLS_ERR_CCM_BAD_INPUT, mbedtls_ccm_finish(&ctx, output, 16)); 841*62c56f98SSadaf Ebrahimi 842*62c56f98SSadaf Ebrahimiexit: 843*62c56f98SSadaf Ebrahimi mbedtls_free(output); 844*62c56f98SSadaf Ebrahimi mbedtls_ccm_free(&ctx); 845*62c56f98SSadaf Ebrahimi} 846*62c56f98SSadaf Ebrahimi/* END_CASE */ 847