1a8e1175bSopenharmony_ci/* BEGIN_HEADER */ 2a8e1175bSopenharmony_ci#include "mbedtls/nist_kw.h" 3a8e1175bSopenharmony_ci/* END_HEADER */ 4a8e1175bSopenharmony_ci 5a8e1175bSopenharmony_ci/* BEGIN_DEPENDENCIES 6a8e1175bSopenharmony_ci * depends_on:MBEDTLS_NIST_KW_C 7a8e1175bSopenharmony_ci * END_DEPENDENCIES 8a8e1175bSopenharmony_ci */ 9a8e1175bSopenharmony_ci 10a8e1175bSopenharmony_ci/* BEGIN_CASE depends_on:MBEDTLS_SELF_TEST:MBEDTLS_AES_C */ 11a8e1175bSopenharmony_civoid mbedtls_nist_kw_self_test() 12a8e1175bSopenharmony_ci{ 13a8e1175bSopenharmony_ci TEST_ASSERT(mbedtls_nist_kw_self_test(1) == 0); 14a8e1175bSopenharmony_ci} 15a8e1175bSopenharmony_ci/* END_CASE */ 16a8e1175bSopenharmony_ci 17a8e1175bSopenharmony_ci/* BEGIN_CASE depends_on:MBEDTLS_AES_C */ 18a8e1175bSopenharmony_civoid mbedtls_nist_kw_mix_contexts() 19a8e1175bSopenharmony_ci{ 20a8e1175bSopenharmony_ci mbedtls_nist_kw_context ctx1, ctx2; 21a8e1175bSopenharmony_ci unsigned char key[16]; 22a8e1175bSopenharmony_ci unsigned char plaintext[32]; 23a8e1175bSopenharmony_ci unsigned char ciphertext1[40]; 24a8e1175bSopenharmony_ci unsigned char ciphertext2[40]; 25a8e1175bSopenharmony_ci size_t output_len, i; 26a8e1175bSopenharmony_ci 27a8e1175bSopenharmony_ci memset(plaintext, 0, sizeof(plaintext)); 28a8e1175bSopenharmony_ci memset(ciphertext1, 0, sizeof(ciphertext1)); 29a8e1175bSopenharmony_ci memset(ciphertext2, 0, sizeof(ciphertext2)); 30a8e1175bSopenharmony_ci memset(key, 0, sizeof(key)); 31a8e1175bSopenharmony_ci 32a8e1175bSopenharmony_ci /* 33a8e1175bSopenharmony_ci * 1. Check wrap and unwrap with two separate contexts 34a8e1175bSopenharmony_ci */ 35a8e1175bSopenharmony_ci mbedtls_nist_kw_init(&ctx1); 36a8e1175bSopenharmony_ci mbedtls_nist_kw_init(&ctx2); 37a8e1175bSopenharmony_ci 38a8e1175bSopenharmony_ci TEST_ASSERT(mbedtls_nist_kw_setkey(&ctx1, 39a8e1175bSopenharmony_ci MBEDTLS_CIPHER_ID_AES, 40a8e1175bSopenharmony_ci key, sizeof(key) * 8, 41a8e1175bSopenharmony_ci 1) == 0); 42a8e1175bSopenharmony_ci 43a8e1175bSopenharmony_ci TEST_ASSERT(mbedtls_nist_kw_wrap(&ctx1, MBEDTLS_KW_MODE_KW, 44a8e1175bSopenharmony_ci plaintext, sizeof(plaintext), 45a8e1175bSopenharmony_ci ciphertext1, &output_len, 46a8e1175bSopenharmony_ci sizeof(ciphertext1)) == 0); 47a8e1175bSopenharmony_ci TEST_ASSERT(output_len == sizeof(ciphertext1)); 48a8e1175bSopenharmony_ci 49a8e1175bSopenharmony_ci TEST_ASSERT(mbedtls_nist_kw_setkey(&ctx2, 50a8e1175bSopenharmony_ci MBEDTLS_CIPHER_ID_AES, 51a8e1175bSopenharmony_ci key, sizeof(key) * 8, 52a8e1175bSopenharmony_ci 0) == 0); 53a8e1175bSopenharmony_ci 54a8e1175bSopenharmony_ci TEST_ASSERT(mbedtls_nist_kw_unwrap(&ctx2, MBEDTLS_KW_MODE_KW, 55a8e1175bSopenharmony_ci ciphertext1, output_len, 56a8e1175bSopenharmony_ci plaintext, &output_len, 57a8e1175bSopenharmony_ci sizeof(plaintext)) == 0); 58a8e1175bSopenharmony_ci 59a8e1175bSopenharmony_ci TEST_ASSERT(output_len == sizeof(plaintext)); 60a8e1175bSopenharmony_ci for (i = 0; i < sizeof(plaintext); i++) { 61a8e1175bSopenharmony_ci TEST_ASSERT(plaintext[i] == 0); 62a8e1175bSopenharmony_ci } 63a8e1175bSopenharmony_ci mbedtls_nist_kw_free(&ctx1); 64a8e1175bSopenharmony_ci mbedtls_nist_kw_free(&ctx2); 65a8e1175bSopenharmony_ci 66a8e1175bSopenharmony_ci /* 67a8e1175bSopenharmony_ci * 2. Check wrapping with two modes, on same context 68a8e1175bSopenharmony_ci */ 69a8e1175bSopenharmony_ci mbedtls_nist_kw_init(&ctx1); 70a8e1175bSopenharmony_ci mbedtls_nist_kw_init(&ctx2); 71a8e1175bSopenharmony_ci output_len = sizeof(ciphertext1); 72a8e1175bSopenharmony_ci 73a8e1175bSopenharmony_ci TEST_ASSERT(mbedtls_nist_kw_setkey(&ctx1, 74a8e1175bSopenharmony_ci MBEDTLS_CIPHER_ID_AES, 75a8e1175bSopenharmony_ci key, sizeof(key) * 8, 76a8e1175bSopenharmony_ci 1) == 0); 77a8e1175bSopenharmony_ci 78a8e1175bSopenharmony_ci TEST_ASSERT(mbedtls_nist_kw_wrap(&ctx1, MBEDTLS_KW_MODE_KW, 79a8e1175bSopenharmony_ci plaintext, sizeof(plaintext), 80a8e1175bSopenharmony_ci ciphertext1, &output_len, 81a8e1175bSopenharmony_ci sizeof(ciphertext1)) == 0); 82a8e1175bSopenharmony_ci TEST_ASSERT(output_len == sizeof(ciphertext1)); 83a8e1175bSopenharmony_ci 84a8e1175bSopenharmony_ci TEST_ASSERT(mbedtls_nist_kw_wrap(&ctx1, MBEDTLS_KW_MODE_KWP, 85a8e1175bSopenharmony_ci plaintext, sizeof(plaintext), 86a8e1175bSopenharmony_ci ciphertext2, &output_len, 87a8e1175bSopenharmony_ci sizeof(ciphertext2)) == 0); 88a8e1175bSopenharmony_ci 89a8e1175bSopenharmony_ci TEST_ASSERT(output_len == sizeof(ciphertext2)); 90a8e1175bSopenharmony_ci 91a8e1175bSopenharmony_ci TEST_ASSERT(mbedtls_nist_kw_setkey(&ctx2, 92a8e1175bSopenharmony_ci MBEDTLS_CIPHER_ID_AES, 93a8e1175bSopenharmony_ci key, sizeof(key) * 8, 94a8e1175bSopenharmony_ci 0) == 0); 95a8e1175bSopenharmony_ci 96a8e1175bSopenharmony_ci TEST_ASSERT(mbedtls_nist_kw_unwrap(&ctx2, MBEDTLS_KW_MODE_KW, 97a8e1175bSopenharmony_ci ciphertext1, sizeof(ciphertext1), 98a8e1175bSopenharmony_ci plaintext, &output_len, 99a8e1175bSopenharmony_ci sizeof(plaintext)) == 0); 100a8e1175bSopenharmony_ci 101a8e1175bSopenharmony_ci TEST_ASSERT(output_len == sizeof(plaintext)); 102a8e1175bSopenharmony_ci 103a8e1175bSopenharmony_ci for (i = 0; i < sizeof(plaintext); i++) { 104a8e1175bSopenharmony_ci TEST_ASSERT(plaintext[i] == 0); 105a8e1175bSopenharmony_ci } 106a8e1175bSopenharmony_ci 107a8e1175bSopenharmony_ci TEST_ASSERT(mbedtls_nist_kw_unwrap(&ctx2, MBEDTLS_KW_MODE_KWP, 108a8e1175bSopenharmony_ci ciphertext2, sizeof(ciphertext2), 109a8e1175bSopenharmony_ci plaintext, &output_len, 110a8e1175bSopenharmony_ci sizeof(plaintext)) == 0); 111a8e1175bSopenharmony_ci 112a8e1175bSopenharmony_ci TEST_ASSERT(output_len == sizeof(plaintext)); 113a8e1175bSopenharmony_ci 114a8e1175bSopenharmony_ci for (i = 0; i < sizeof(plaintext); i++) { 115a8e1175bSopenharmony_ci TEST_ASSERT(plaintext[i] == 0); 116a8e1175bSopenharmony_ci } 117a8e1175bSopenharmony_ci 118a8e1175bSopenharmony_ciexit: 119a8e1175bSopenharmony_ci mbedtls_nist_kw_free(&ctx1); 120a8e1175bSopenharmony_ci mbedtls_nist_kw_free(&ctx2); 121a8e1175bSopenharmony_ci} 122a8e1175bSopenharmony_ci/* END_CASE */ 123a8e1175bSopenharmony_ci 124a8e1175bSopenharmony_ci/* BEGIN_CASE */ 125a8e1175bSopenharmony_civoid mbedtls_nist_kw_setkey(int cipher_id, int key_size, 126a8e1175bSopenharmony_ci int is_wrap, int result) 127a8e1175bSopenharmony_ci{ 128a8e1175bSopenharmony_ci mbedtls_nist_kw_context ctx; 129a8e1175bSopenharmony_ci unsigned char key[32]; 130a8e1175bSopenharmony_ci int ret; 131a8e1175bSopenharmony_ci 132a8e1175bSopenharmony_ci mbedtls_nist_kw_init(&ctx); 133a8e1175bSopenharmony_ci 134a8e1175bSopenharmony_ci memset(key, 0x2A, sizeof(key)); 135a8e1175bSopenharmony_ci TEST_ASSERT((unsigned) key_size <= 8 * sizeof(key)); 136a8e1175bSopenharmony_ci 137a8e1175bSopenharmony_ci ret = mbedtls_nist_kw_setkey(&ctx, cipher_id, key, key_size, is_wrap); 138a8e1175bSopenharmony_ci TEST_ASSERT(ret == result); 139a8e1175bSopenharmony_ci 140a8e1175bSopenharmony_ciexit: 141a8e1175bSopenharmony_ci mbedtls_nist_kw_free(&ctx); 142a8e1175bSopenharmony_ci} 143a8e1175bSopenharmony_ci/* END_CASE */ 144a8e1175bSopenharmony_ci 145a8e1175bSopenharmony_ci/* BEGIN_CASE depends_on:MBEDTLS_AES_C */ 146a8e1175bSopenharmony_civoid nist_kw_plaintext_lengths(int in_len, int out_len, int mode, int res) 147a8e1175bSopenharmony_ci{ 148a8e1175bSopenharmony_ci mbedtls_nist_kw_context ctx; 149a8e1175bSopenharmony_ci unsigned char key[16]; 150a8e1175bSopenharmony_ci unsigned char *plaintext = NULL; 151a8e1175bSopenharmony_ci unsigned char *ciphertext = NULL; 152a8e1175bSopenharmony_ci size_t output_len = out_len; 153a8e1175bSopenharmony_ci 154a8e1175bSopenharmony_ci mbedtls_nist_kw_init(&ctx); 155a8e1175bSopenharmony_ci 156a8e1175bSopenharmony_ci memset(key, 0, sizeof(key)); 157a8e1175bSopenharmony_ci 158a8e1175bSopenharmony_ci if (in_len != 0) { 159a8e1175bSopenharmony_ci plaintext = mbedtls_calloc(1, in_len); 160a8e1175bSopenharmony_ci TEST_ASSERT(plaintext != NULL); 161a8e1175bSopenharmony_ci } 162a8e1175bSopenharmony_ci 163a8e1175bSopenharmony_ci if (out_len != 0) { 164a8e1175bSopenharmony_ci ciphertext = mbedtls_calloc(1, output_len); 165a8e1175bSopenharmony_ci TEST_ASSERT(ciphertext != NULL); 166a8e1175bSopenharmony_ci } 167a8e1175bSopenharmony_ci 168a8e1175bSopenharmony_ci TEST_ASSERT(mbedtls_nist_kw_setkey(&ctx, MBEDTLS_CIPHER_ID_AES, 169a8e1175bSopenharmony_ci key, 8 * sizeof(key), 1) == 0); 170a8e1175bSopenharmony_ci 171a8e1175bSopenharmony_ci TEST_ASSERT(mbedtls_nist_kw_wrap(&ctx, mode, plaintext, in_len, 172a8e1175bSopenharmony_ci ciphertext, &output_len, 173a8e1175bSopenharmony_ci output_len) == res); 174a8e1175bSopenharmony_ci if (res == 0) { 175a8e1175bSopenharmony_ci if (mode == MBEDTLS_KW_MODE_KWP) { 176a8e1175bSopenharmony_ci TEST_ASSERT(output_len == (size_t) in_len + 8 - 177a8e1175bSopenharmony_ci (in_len % 8) + 8); 178a8e1175bSopenharmony_ci } else { 179a8e1175bSopenharmony_ci TEST_ASSERT(output_len == (size_t) in_len + 8); 180a8e1175bSopenharmony_ci } 181a8e1175bSopenharmony_ci } else { 182a8e1175bSopenharmony_ci TEST_ASSERT(output_len == 0); 183a8e1175bSopenharmony_ci } 184a8e1175bSopenharmony_ci 185a8e1175bSopenharmony_ciexit: 186a8e1175bSopenharmony_ci mbedtls_free(ciphertext); 187a8e1175bSopenharmony_ci mbedtls_free(plaintext); 188a8e1175bSopenharmony_ci mbedtls_nist_kw_free(&ctx); 189a8e1175bSopenharmony_ci} 190a8e1175bSopenharmony_ci/* END_CASE */ 191a8e1175bSopenharmony_ci 192a8e1175bSopenharmony_ci/* BEGIN_CASE depends_on:MBEDTLS_AES_C */ 193a8e1175bSopenharmony_civoid nist_kw_ciphertext_lengths(int in_len, int out_len, int mode, int res) 194a8e1175bSopenharmony_ci{ 195a8e1175bSopenharmony_ci mbedtls_nist_kw_context ctx; 196a8e1175bSopenharmony_ci unsigned char key[16]; 197a8e1175bSopenharmony_ci unsigned char *plaintext = NULL; 198a8e1175bSopenharmony_ci unsigned char *ciphertext = NULL; 199a8e1175bSopenharmony_ci int unwrap_ret; 200a8e1175bSopenharmony_ci size_t output_len = out_len; 201a8e1175bSopenharmony_ci 202a8e1175bSopenharmony_ci mbedtls_nist_kw_init(&ctx); 203a8e1175bSopenharmony_ci 204a8e1175bSopenharmony_ci memset(key, 0, sizeof(key)); 205a8e1175bSopenharmony_ci 206a8e1175bSopenharmony_ci if (out_len != 0) { 207a8e1175bSopenharmony_ci plaintext = mbedtls_calloc(1, output_len); 208a8e1175bSopenharmony_ci TEST_ASSERT(plaintext != NULL); 209a8e1175bSopenharmony_ci } 210a8e1175bSopenharmony_ci if (in_len != 0) { 211a8e1175bSopenharmony_ci ciphertext = mbedtls_calloc(1, in_len); 212a8e1175bSopenharmony_ci TEST_ASSERT(ciphertext != NULL); 213a8e1175bSopenharmony_ci } 214a8e1175bSopenharmony_ci 215a8e1175bSopenharmony_ci TEST_ASSERT(mbedtls_nist_kw_setkey(&ctx, MBEDTLS_CIPHER_ID_AES, 216a8e1175bSopenharmony_ci key, 8 * sizeof(key), 0) == 0); 217a8e1175bSopenharmony_ci unwrap_ret = mbedtls_nist_kw_unwrap(&ctx, mode, ciphertext, in_len, 218a8e1175bSopenharmony_ci plaintext, &output_len, 219a8e1175bSopenharmony_ci output_len); 220a8e1175bSopenharmony_ci 221a8e1175bSopenharmony_ci if (res == 0) { 222a8e1175bSopenharmony_ci TEST_ASSERT(unwrap_ret == MBEDTLS_ERR_CIPHER_AUTH_FAILED); 223a8e1175bSopenharmony_ci } else { 224a8e1175bSopenharmony_ci TEST_ASSERT(unwrap_ret == res); 225a8e1175bSopenharmony_ci } 226a8e1175bSopenharmony_ci 227a8e1175bSopenharmony_ci TEST_ASSERT(output_len == 0); 228a8e1175bSopenharmony_ci 229a8e1175bSopenharmony_ciexit: 230a8e1175bSopenharmony_ci mbedtls_free(ciphertext); 231a8e1175bSopenharmony_ci mbedtls_free(plaintext); 232a8e1175bSopenharmony_ci mbedtls_nist_kw_free(&ctx); 233a8e1175bSopenharmony_ci} 234a8e1175bSopenharmony_ci/* END_CASE */ 235a8e1175bSopenharmony_ci 236a8e1175bSopenharmony_ci/* BEGIN_CASE */ 237a8e1175bSopenharmony_civoid mbedtls_nist_kw_wrap(int cipher_id, int mode, data_t *key, data_t *msg, 238a8e1175bSopenharmony_ci data_t *expected_result) 239a8e1175bSopenharmony_ci{ 240a8e1175bSopenharmony_ci unsigned char result[528]; 241a8e1175bSopenharmony_ci mbedtls_nist_kw_context ctx; 242a8e1175bSopenharmony_ci size_t result_len, i, padlen; 243a8e1175bSopenharmony_ci 244a8e1175bSopenharmony_ci mbedtls_nist_kw_init(&ctx); 245a8e1175bSopenharmony_ci 246a8e1175bSopenharmony_ci memset(result, '+', sizeof(result)); 247a8e1175bSopenharmony_ci 248a8e1175bSopenharmony_ci TEST_ASSERT(mbedtls_nist_kw_setkey(&ctx, cipher_id, 249a8e1175bSopenharmony_ci key->x, key->len * 8, 1) == 0); 250a8e1175bSopenharmony_ci 251a8e1175bSopenharmony_ci /* Test with input == output */ 252a8e1175bSopenharmony_ci TEST_ASSERT(mbedtls_nist_kw_wrap(&ctx, mode, msg->x, msg->len, 253a8e1175bSopenharmony_ci result, &result_len, sizeof(result)) == 0); 254a8e1175bSopenharmony_ci 255a8e1175bSopenharmony_ci TEST_ASSERT(result_len == expected_result->len); 256a8e1175bSopenharmony_ci 257a8e1175bSopenharmony_ci TEST_ASSERT(memcmp(expected_result->x, result, result_len) == 0); 258a8e1175bSopenharmony_ci 259a8e1175bSopenharmony_ci padlen = (msg->len % 8 != 0) ? 8 - (msg->len % 8) : 0; 260a8e1175bSopenharmony_ci /* Check that the function didn't write beyond the end of the buffer. */ 261a8e1175bSopenharmony_ci for (i = msg->len + 8 + padlen; i < sizeof(result); i++) { 262a8e1175bSopenharmony_ci TEST_ASSERT(result[i] == '+'); 263a8e1175bSopenharmony_ci } 264a8e1175bSopenharmony_ci 265a8e1175bSopenharmony_ciexit: 266a8e1175bSopenharmony_ci mbedtls_nist_kw_free(&ctx); 267a8e1175bSopenharmony_ci} 268a8e1175bSopenharmony_ci/* END_CASE */ 269a8e1175bSopenharmony_ci 270a8e1175bSopenharmony_ci/* BEGIN_CASE */ 271a8e1175bSopenharmony_civoid mbedtls_nist_kw_unwrap(int cipher_id, int mode, data_t *key, data_t *msg, 272a8e1175bSopenharmony_ci data_t *expected_result, int expected_ret) 273a8e1175bSopenharmony_ci{ 274a8e1175bSopenharmony_ci unsigned char result[528]; 275a8e1175bSopenharmony_ci mbedtls_nist_kw_context ctx; 276a8e1175bSopenharmony_ci size_t result_len, i; 277a8e1175bSopenharmony_ci 278a8e1175bSopenharmony_ci mbedtls_nist_kw_init(&ctx); 279a8e1175bSopenharmony_ci 280a8e1175bSopenharmony_ci memset(result, '+', sizeof(result)); 281a8e1175bSopenharmony_ci 282a8e1175bSopenharmony_ci TEST_ASSERT(mbedtls_nist_kw_setkey(&ctx, cipher_id, 283a8e1175bSopenharmony_ci key->x, key->len * 8, 0) == 0); 284a8e1175bSopenharmony_ci 285a8e1175bSopenharmony_ci /* Test with input == output */ 286a8e1175bSopenharmony_ci TEST_ASSERT(mbedtls_nist_kw_unwrap(&ctx, mode, msg->x, msg->len, 287a8e1175bSopenharmony_ci result, &result_len, sizeof(result)) == expected_ret); 288a8e1175bSopenharmony_ci if (expected_ret == 0) { 289a8e1175bSopenharmony_ci TEST_ASSERT(result_len == expected_result->len); 290a8e1175bSopenharmony_ci TEST_ASSERT(memcmp(expected_result->x, result, result_len) == 0); 291a8e1175bSopenharmony_ci } else { 292a8e1175bSopenharmony_ci TEST_ASSERT(result_len == 0); 293a8e1175bSopenharmony_ci } 294a8e1175bSopenharmony_ci 295a8e1175bSopenharmony_ci /* Check that the function didn't write beyond the end of the buffer. */ 296a8e1175bSopenharmony_ci for (i = msg->len - 8; i < sizeof(result); i++) { 297a8e1175bSopenharmony_ci TEST_ASSERT(result[i] == '+'); 298a8e1175bSopenharmony_ci } 299a8e1175bSopenharmony_ci 300a8e1175bSopenharmony_ciexit: 301a8e1175bSopenharmony_ci mbedtls_nist_kw_free(&ctx); 302a8e1175bSopenharmony_ci} 303a8e1175bSopenharmony_ci/* END_CASE */ 304