Merge remote-tracking branch 'public/pr/2275' into development
This commit is contained in:
commit
5aa7809ac8
9 changed files with 321 additions and 335 deletions
|
@ -83,13 +83,18 @@ mbedtls_chacha20_context;
|
|||
* \c mbedtls_chacha20_free().
|
||||
*
|
||||
* \param ctx The ChaCha20 context to initialize.
|
||||
* This must not be \c NULL.
|
||||
*/
|
||||
void mbedtls_chacha20_init( mbedtls_chacha20_context *ctx );
|
||||
|
||||
/**
|
||||
* \brief This function releases and clears the specified ChaCha20 context.
|
||||
* \brief This function releases and clears the specified
|
||||
* ChaCha20 context.
|
||||
*
|
||||
* \param ctx The ChaCha20 context to clear. This may be \c NULL,
|
||||
* in which case this function is a no-op. If it is not
|
||||
* \c NULL, it must point to an initialized context.
|
||||
*
|
||||
* \param ctx The ChaCha20 context to clear.
|
||||
*/
|
||||
void mbedtls_chacha20_free( mbedtls_chacha20_context *ctx );
|
||||
|
||||
|
@ -102,7 +107,9 @@ void mbedtls_chacha20_free( mbedtls_chacha20_context *ctx );
|
|||
* \c mbedtls_chacha_update().
|
||||
*
|
||||
* \param ctx The ChaCha20 context to which the key should be bound.
|
||||
* \param key The encryption/decryption key. Must be 32 bytes in length.
|
||||
* It must be initialized.
|
||||
* \param key The encryption/decryption key. This must be \c 32 Bytes
|
||||
* in length.
|
||||
*
|
||||
* \return \c 0 on success.
|
||||
* \return #MBEDTLS_ERR_CHACHA20_BAD_INPUT_DATA if ctx or key is NULL.
|
||||
|
@ -121,8 +128,9 @@ int mbedtls_chacha20_setkey( mbedtls_chacha20_context *ctx,
|
|||
* messages encrypted with the same nonce and key.
|
||||
*
|
||||
* \param ctx The ChaCha20 context to which the nonce should be bound.
|
||||
* \param nonce The nonce. Must be 12 bytes in size.
|
||||
* \param counter The initial counter value. This is usually 0.
|
||||
* It must be initialized and bound to a key.
|
||||
* \param nonce The nonce. This must be \c 12 Bytes in size.
|
||||
* \param counter The initial counter value. This is usually \c 0.
|
||||
*
|
||||
* \return \c 0 on success.
|
||||
* \return #MBEDTLS_ERR_CHACHA20_BAD_INPUT_DATA if ctx or nonce is
|
||||
|
@ -150,16 +158,16 @@ int mbedtls_chacha20_starts( mbedtls_chacha20_context* ctx,
|
|||
* key and nonce.
|
||||
*
|
||||
* \param ctx The ChaCha20 context to use for encryption or decryption.
|
||||
* \param size The length of the input data in bytes.
|
||||
* It must be initialized and bound to a key and nonce.
|
||||
* \param size The length of the input data in Bytes.
|
||||
* \param input The buffer holding the input data.
|
||||
* This pointer can be NULL if size == 0.
|
||||
* This pointer can be \c NULL if `size == 0`.
|
||||
* \param output The buffer holding the output data.
|
||||
* Must be able to hold \p size bytes.
|
||||
* This pointer can be NULL if size == 0.
|
||||
* This must be able to hold \p size Bytes.
|
||||
* This pointer can be \c NULL if `size == 0`.
|
||||
*
|
||||
* \return \c 0 on success.
|
||||
* \return #MBEDTLS_ERR_CHACHA20_BAD_INPUT_DATA if the ctx, input, or
|
||||
* output pointers are NULL.
|
||||
* \return A negative error code on failure.
|
||||
*/
|
||||
int mbedtls_chacha20_update( mbedtls_chacha20_context *ctx,
|
||||
size_t size,
|
||||
|
@ -180,19 +188,19 @@ int mbedtls_chacha20_update( mbedtls_chacha20_context *ctx,
|
|||
* \note The \p input and \p output pointers must either be equal or
|
||||
* point to non-overlapping buffers.
|
||||
*
|
||||
* \param key The encryption/decryption key. Must be 32 bytes in length.
|
||||
* \param nonce The nonce. Must be 12 bytes in size.
|
||||
* \param counter The initial counter value. This is usually 0.
|
||||
* \param size The length of the input data in bytes.
|
||||
* \param key The encryption/decryption key.
|
||||
* This must be \c 32 Bytes in length.
|
||||
* \param nonce The nonce. This must be \c 12 Bytes in size.
|
||||
* \param counter The initial counter value. This is usually \c 0.
|
||||
* \param size The length of the input data in Bytes.
|
||||
* \param input The buffer holding the input data.
|
||||
* This pointer can be NULL if size == 0.
|
||||
* This pointer can be \c NULL if `size == 0`.
|
||||
* \param output The buffer holding the output data.
|
||||
* Must be able to hold \p size bytes.
|
||||
* This pointer can be NULL if size == 0.
|
||||
* This must be able to hold \p size Bytes.
|
||||
* This pointer can be \c NULL if `size == 0`.
|
||||
*
|
||||
* \return \c 0 on success.
|
||||
* \return #MBEDTLS_ERR_CHACHA20_BAD_INPUT_DATA if key, nonce, input,
|
||||
* or output is NULL.
|
||||
* \return A negative error code on failure.
|
||||
*/
|
||||
int mbedtls_chacha20_crypt( const unsigned char key[32],
|
||||
const unsigned char nonce[12],
|
||||
|
|
|
@ -115,27 +115,29 @@ mbedtls_chachapoly_context;
|
|||
* all previous outputs of \c mbedtls_chachapoly_update(),
|
||||
* otherwise you can now safely use the plaintext.
|
||||
*
|
||||
* \param ctx The ChachaPoly context to initialize.
|
||||
* \param ctx The ChachaPoly context to initialize. Must not be \c NULL.
|
||||
*/
|
||||
void mbedtls_chachapoly_init( mbedtls_chachapoly_context *ctx );
|
||||
|
||||
/**
|
||||
* \brief This function releases and clears the specified ChaCha20-Poly1305 context.
|
||||
* \brief This function releases and clears the specified
|
||||
* ChaCha20-Poly1305 context.
|
||||
*
|
||||
* \param ctx The ChachaPoly context to clear.
|
||||
* \param ctx The ChachaPoly context to clear. This may be \c NULL, in which
|
||||
* case this function is a no-op.
|
||||
*/
|
||||
void mbedtls_chachapoly_free( mbedtls_chachapoly_context *ctx );
|
||||
|
||||
/**
|
||||
* \brief This function sets the ChaCha20-Poly1305 symmetric encryption key.
|
||||
* \brief This function sets the ChaCha20-Poly1305
|
||||
* symmetric encryption key.
|
||||
*
|
||||
* \param ctx The ChaCha20-Poly1305 context to which the key should be
|
||||
* bound.
|
||||
* \param key The 256-bit (32 bytes) key.
|
||||
* bound. This must be initialized.
|
||||
* \param key The \c 256 Bit (\c 32 Bytes) key.
|
||||
*
|
||||
* \return \c 0 on success.
|
||||
* \return #MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA
|
||||
* if \p ctx or \p key are NULL.
|
||||
* \return A negative error code on failure.
|
||||
*/
|
||||
int mbedtls_chachapoly_setkey( mbedtls_chachapoly_context *ctx,
|
||||
const unsigned char key[32] );
|
||||
|
@ -155,14 +157,15 @@ int mbedtls_chachapoly_setkey( mbedtls_chachapoly_context *ctx,
|
|||
* \warning Decryption with the piecewise API is discouraged, see the
|
||||
* warning on \c mbedtls_chachapoly_init().
|
||||
*
|
||||
* \param ctx The ChaCha20-Poly1305 context.
|
||||
* \param nonce The nonce/IV to use for the message. Must be 12 bytes.
|
||||
* \param ctx The ChaCha20-Poly1305 context. This must be initialized
|
||||
* and bound to a key.
|
||||
* \param nonce The nonce/IV to use for the message.
|
||||
* This must be a redable buffer of length \c 12 Bytes.
|
||||
* \param mode The operation to perform: #MBEDTLS_CHACHAPOLY_ENCRYPT or
|
||||
* #MBEDTLS_CHACHAPOLY_DECRYPT (discouraged, see warning).
|
||||
*
|
||||
* \return \c 0 on success.
|
||||
* \return #MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA
|
||||
* if \p ctx or \p mac are NULL.
|
||||
* \return A negative error code on failure.
|
||||
*/
|
||||
int mbedtls_chachapoly_starts( mbedtls_chachapoly_context *ctx,
|
||||
const unsigned char nonce[12],
|
||||
|
@ -193,11 +196,12 @@ int mbedtls_chachapoly_starts( mbedtls_chachapoly_context *ctx,
|
|||
* \warning Decryption with the piecewise API is discouraged, see the
|
||||
* warning on \c mbedtls_chachapoly_init().
|
||||
*
|
||||
* \param ctx The ChaCha20-Poly1305 context to use.
|
||||
* \param aad_len The length (in bytes) of the AAD. The length has no
|
||||
* \param ctx The ChaCha20-Poly1305 context. This must be initialized
|
||||
* and bound to a key.
|
||||
* \param aad_len The length in Bytes of the AAD. The length has no
|
||||
* restrictions.
|
||||
* \param aad Buffer containing the AAD.
|
||||
* This pointer can be NULL if aad_len == 0.
|
||||
* This pointer can be \c NULL if `aad_len == 0`.
|
||||
*
|
||||
* \return \c 0 on success.
|
||||
* \return #MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA
|
||||
|
@ -227,20 +231,19 @@ int mbedtls_chachapoly_update_aad( mbedtls_chachapoly_context *ctx,
|
|||
* \warning Decryption with the piecewise API is discouraged, see the
|
||||
* warning on \c mbedtls_chachapoly_init().
|
||||
*
|
||||
* \param ctx The ChaCha20-Poly1305 context to use.
|
||||
* \param ctx The ChaCha20-Poly1305 context to use. This must be initialized.
|
||||
* \param len The length (in bytes) of the data to encrypt or decrypt.
|
||||
* \param input The buffer containing the data to encrypt or decrypt.
|
||||
* This pointer can be NULL if len == 0.
|
||||
* \param output The buffer to where the encrypted or decrypted data is written.
|
||||
* Must be able to hold \p len bytes.
|
||||
* This pointer can be NULL if len == 0.
|
||||
* This pointer can be \c NULL if `len == 0`.
|
||||
* \param output The buffer to where the encrypted or decrypted data is
|
||||
* written. This must be able to hold \p len bytes.
|
||||
* This pointer can be \c NULL if `len == 0`.
|
||||
*
|
||||
* \return \c 0 on success.
|
||||
* \return #MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA
|
||||
* if \p ctx, \p input, or \p output are NULL.
|
||||
* \return #MBEDTLS_ERR_CHACHAPOLY_BAD_STATE
|
||||
* if the operation has not been started or has been
|
||||
* finished.
|
||||
* \return Another negative error code on other kinds of failure.
|
||||
*/
|
||||
int mbedtls_chachapoly_update( mbedtls_chachapoly_context *ctx,
|
||||
size_t len,
|
||||
|
@ -251,18 +254,17 @@ int mbedtls_chachapoly_update( mbedtls_chachapoly_context *ctx,
|
|||
* \brief This function finished the ChaCha20-Poly1305 operation and
|
||||
* generates the MAC (authentication tag).
|
||||
*
|
||||
* \param ctx The ChaCha20-Poly1305 context to use.
|
||||
* \param ctx The ChaCha20-Poly1305 context to use. This must be initialized.
|
||||
* \param mac The buffer to where the 128-bit (16 bytes) MAC is written.
|
||||
*
|
||||
* \warning Decryption with the piecewise API is discouraged, see the
|
||||
* warning on \c mbedtls_chachapoly_init().
|
||||
*
|
||||
* \return \c 0 on success.
|
||||
* \return #MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA
|
||||
* if \p ctx or \p mac are NULL.
|
||||
* \return #MBEDTLS_ERR_CHACHAPOLY_BAD_STATE
|
||||
* if the operation has not been started or has been
|
||||
* finished.
|
||||
* \return Another negative error code on other kinds of failure.
|
||||
*/
|
||||
int mbedtls_chachapoly_finish( mbedtls_chachapoly_context *ctx,
|
||||
unsigned char mac[16] );
|
||||
|
@ -280,20 +282,21 @@ int mbedtls_chachapoly_finish( mbedtls_chachapoly_context *ctx,
|
|||
* and key.
|
||||
*
|
||||
* \param ctx The ChaCha20-Poly1305 context to use (holds the key).
|
||||
* This must be initialized.
|
||||
* \param length The length (in bytes) of the data to encrypt or decrypt.
|
||||
* \param nonce The 96-bit (12 bytes) nonce/IV to use.
|
||||
* \param aad The buffer containing the additional authenticated data (AAD).
|
||||
* This pointer can be NULL if aad_len == 0.
|
||||
* \param aad The buffer containing the additional authenticated
|
||||
* data (AAD). This pointer can be \c NULL if `aad_len == 0`.
|
||||
* \param aad_len The length (in bytes) of the AAD data to process.
|
||||
* \param input The buffer containing the data to encrypt or decrypt.
|
||||
* This pointer can be NULL if ilen == 0.
|
||||
* \param output The buffer to where the encrypted or decrypted data is written.
|
||||
* This pointer can be NULL if ilen == 0.
|
||||
* \param tag The buffer to where the computed 128-bit (16 bytes) MAC is written.
|
||||
* This pointer can be \c NULL if `ilen == 0`.
|
||||
* \param output The buffer to where the encrypted or decrypted data
|
||||
* is written. This pointer can be \c NULL if `ilen == 0`.
|
||||
* \param tag The buffer to where the computed 128-bit (16 bytes) MAC
|
||||
* is written. This must not be \c NULL.
|
||||
*
|
||||
* \return \c 0 on success.
|
||||
* \return #MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA
|
||||
* if one or more of the required parameters are NULL.
|
||||
* \return A negative error code on failure.
|
||||
*/
|
||||
int mbedtls_chachapoly_encrypt_and_tag( mbedtls_chachapoly_context *ctx,
|
||||
size_t length,
|
||||
|
@ -312,22 +315,22 @@ int mbedtls_chachapoly_encrypt_and_tag( mbedtls_chachapoly_context *ctx,
|
|||
* \c mbedtls_chachapoly_setkey().
|
||||
*
|
||||
* \param ctx The ChaCha20-Poly1305 context to use (holds the key).
|
||||
* \param length The length (in bytes) of the data to decrypt.
|
||||
* \param nonce The 96-bit (12 bytes) nonce/IV to use.
|
||||
* \param length The length (in Bytes) of the data to decrypt.
|
||||
* \param nonce The \c 96 Bit (\c 12 bytes) nonce/IV to use.
|
||||
* \param aad The buffer containing the additional authenticated data (AAD).
|
||||
* This pointer can be NULL if aad_len == 0.
|
||||
* This pointer can be \c NULL if `aad_len == 0`.
|
||||
* \param aad_len The length (in bytes) of the AAD data to process.
|
||||
* \param tag The buffer holding the authentication tag.
|
||||
* This must be a readable buffer of length \c 16 Bytes.
|
||||
* \param input The buffer containing the data to decrypt.
|
||||
* This pointer can be NULL if ilen == 0.
|
||||
* This pointer can be \c NULL if `ilen == 0`.
|
||||
* \param output The buffer to where the decrypted data is written.
|
||||
* This pointer can be NULL if ilen == 0.
|
||||
* This pointer can be \c NULL if `ilen == 0`.
|
||||
*
|
||||
* \return \c 0 on success.
|
||||
* \return #MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA
|
||||
* if one or more of the required parameters are NULL.
|
||||
* \return #MBEDTLS_ERR_CHACHAPOLY_AUTH_FAILED
|
||||
* if the data was not authentic.
|
||||
* \return Another negative error code on other kinds of failure.
|
||||
*/
|
||||
int mbedtls_chachapoly_auth_decrypt( mbedtls_chachapoly_context *ctx,
|
||||
size_t length,
|
||||
|
|
|
@ -84,14 +84,18 @@ mbedtls_poly1305_context;
|
|||
* \c mbedtls_poly1305_finish(), then finally
|
||||
* \c mbedtls_poly1305_free().
|
||||
*
|
||||
* \param ctx The Poly1305 context to initialize.
|
||||
* \param ctx The Poly1305 context to initialize. This must
|
||||
* not be \c NULL.
|
||||
*/
|
||||
void mbedtls_poly1305_init( mbedtls_poly1305_context *ctx );
|
||||
|
||||
/**
|
||||
* \brief This function releases and clears the specified Poly1305 context.
|
||||
* \brief This function releases and clears the specified
|
||||
* Poly1305 context.
|
||||
*
|
||||
* \param ctx The Poly1305 context to clear.
|
||||
* \param ctx The Poly1305 context to clear. This may be \c NULL, in which
|
||||
* case this function is a no-op. If it is not \c NULL, it must
|
||||
* point to an initialized Poly1305 context.
|
||||
*/
|
||||
void mbedtls_poly1305_free( mbedtls_poly1305_context *ctx );
|
||||
|
||||
|
@ -102,11 +106,11 @@ void mbedtls_poly1305_free( mbedtls_poly1305_context *ctx );
|
|||
* invocation of Poly1305.
|
||||
*
|
||||
* \param ctx The Poly1305 context to which the key should be bound.
|
||||
* \param key The buffer containing the 256-bit key.
|
||||
* This must be initialized.
|
||||
* \param key The buffer containing the \c 32 Byte (\c 256 Bit) key.
|
||||
*
|
||||
* \return \c 0 on success.
|
||||
* \return #MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA
|
||||
* if ctx or key are NULL.
|
||||
* \return A negative error code on failure.
|
||||
*/
|
||||
int mbedtls_poly1305_starts( mbedtls_poly1305_context *ctx,
|
||||
const unsigned char key[32] );
|
||||
|
@ -120,13 +124,14 @@ int mbedtls_poly1305_starts( mbedtls_poly1305_context *ctx,
|
|||
* It can be called repeatedly to process a stream of data.
|
||||
*
|
||||
* \param ctx The Poly1305 context to use for the Poly1305 operation.
|
||||
* \param ilen The length of the input data (in bytes). Any value is accepted.
|
||||
* This must be initialized and bound to a key.
|
||||
* \param ilen The length of the input data in Bytes.
|
||||
* Any value is accepted.
|
||||
* \param input The buffer holding the input data.
|
||||
* This pointer can be NULL if ilen == 0.
|
||||
* This pointer can be \c NULL if `ilen == 0`.
|
||||
*
|
||||
* \return \c 0 on success.
|
||||
* \return #MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA
|
||||
* if ctx or input are NULL.
|
||||
* \return A negative error code on failure.
|
||||
*/
|
||||
int mbedtls_poly1305_update( mbedtls_poly1305_context *ctx,
|
||||
const unsigned char *input,
|
||||
|
@ -137,12 +142,12 @@ int mbedtls_poly1305_update( mbedtls_poly1305_context *ctx,
|
|||
* Authentication Code (MAC).
|
||||
*
|
||||
* \param ctx The Poly1305 context to use for the Poly1305 operation.
|
||||
* \param mac The buffer to where the MAC is written. Must be big enough
|
||||
* to hold the 16-byte MAC.
|
||||
* This must be initialized and bound to a key.
|
||||
* \param mac The buffer to where the MAC is written. This must
|
||||
* be a writable buffer of length \c 16 Bytes.
|
||||
*
|
||||
* \return \c 0 on success.
|
||||
* \return #MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA
|
||||
* if ctx or mac are NULL.
|
||||
* \return A negative error code on failure.
|
||||
*/
|
||||
int mbedtls_poly1305_finish( mbedtls_poly1305_context *ctx,
|
||||
unsigned char mac[16] );
|
||||
|
@ -154,16 +159,16 @@ int mbedtls_poly1305_finish( mbedtls_poly1305_context *ctx,
|
|||
* \warning The key must be unique and unpredictable for each
|
||||
* invocation of Poly1305.
|
||||
*
|
||||
* \param key The buffer containing the 256-bit key.
|
||||
* \param ilen The length of the input data (in bytes). Any value is accepted.
|
||||
* \param key The buffer containing the \c 32 Byte (\c 256 Bit) key.
|
||||
* \param ilen The length of the input data in Bytes.
|
||||
* Any value is accepted.
|
||||
* \param input The buffer holding the input data.
|
||||
* This pointer can be NULL if ilen == 0.
|
||||
* \param mac The buffer to where the MAC is written. Must be big enough
|
||||
* to hold the 16-byte MAC.
|
||||
* This pointer can be \c NULL if `ilen == 0`.
|
||||
* \param mac The buffer to where the MAC is written. This must be
|
||||
* a writable buffer of length \c 16 Bytes.
|
||||
*
|
||||
* \return \c 0 on success.
|
||||
* \return #MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA
|
||||
* if key, input, or mac are NULL.
|
||||
* \return A negative error code on failure.
|
||||
*/
|
||||
int mbedtls_poly1305_mac( const unsigned char key[32],
|
||||
const unsigned char *input,
|
||||
|
|
|
@ -53,6 +53,12 @@
|
|||
#define inline __inline
|
||||
#endif
|
||||
|
||||
/* Parameter validation macros */
|
||||
#define CHACHA20_VALIDATE_RET( cond ) \
|
||||
MBEDTLS_INTERNAL_VALIDATE_RET( cond, MBEDTLS_ERR_CHACHA20_BAD_INPUT_DATA )
|
||||
#define CHACHA20_VALIDATE( cond ) \
|
||||
MBEDTLS_INTERNAL_VALIDATE( cond )
|
||||
|
||||
#define BYTES_TO_U32_LE( data, offset ) \
|
||||
( (uint32_t) data[offset] \
|
||||
| (uint32_t) ( (uint32_t) data[( offset ) + 1] << 8 ) \
|
||||
|
@ -181,14 +187,13 @@ static void chacha20_block( const uint32_t initial_state[16],
|
|||
|
||||
void mbedtls_chacha20_init( mbedtls_chacha20_context *ctx )
|
||||
{
|
||||
if( ctx != NULL )
|
||||
{
|
||||
mbedtls_platform_zeroize( ctx->state, sizeof( ctx->state ) );
|
||||
mbedtls_platform_zeroize( ctx->keystream8, sizeof( ctx->keystream8 ) );
|
||||
CHACHA20_VALIDATE( ctx != NULL );
|
||||
|
||||
/* Initially, there's no keystream bytes available */
|
||||
ctx->keystream_bytes_used = CHACHA20_BLOCK_SIZE_BYTES;
|
||||
}
|
||||
mbedtls_platform_zeroize( ctx->state, sizeof( ctx->state ) );
|
||||
mbedtls_platform_zeroize( ctx->keystream8, sizeof( ctx->keystream8 ) );
|
||||
|
||||
/* Initially, there's no keystream bytes available */
|
||||
ctx->keystream_bytes_used = CHACHA20_BLOCK_SIZE_BYTES;
|
||||
}
|
||||
|
||||
void mbedtls_chacha20_free( mbedtls_chacha20_context *ctx )
|
||||
|
@ -202,10 +207,8 @@ void mbedtls_chacha20_free( mbedtls_chacha20_context *ctx )
|
|||
int mbedtls_chacha20_setkey( mbedtls_chacha20_context *ctx,
|
||||
const unsigned char key[32] )
|
||||
{
|
||||
if( ( ctx == NULL ) || ( key == NULL ) )
|
||||
{
|
||||
return( MBEDTLS_ERR_CHACHA20_BAD_INPUT_DATA );
|
||||
}
|
||||
CHACHA20_VALIDATE_RET( ctx != NULL );
|
||||
CHACHA20_VALIDATE_RET( key != NULL );
|
||||
|
||||
/* ChaCha20 constants - the string "expand 32-byte k" */
|
||||
ctx->state[0] = 0x61707865;
|
||||
|
@ -230,10 +233,8 @@ int mbedtls_chacha20_starts( mbedtls_chacha20_context* ctx,
|
|||
const unsigned char nonce[12],
|
||||
uint32_t counter )
|
||||
{
|
||||
if( ( ctx == NULL ) || ( nonce == NULL ) )
|
||||
{
|
||||
return( MBEDTLS_ERR_CHACHA20_BAD_INPUT_DATA );
|
||||
}
|
||||
CHACHA20_VALIDATE_RET( ctx != NULL );
|
||||
CHACHA20_VALIDATE_RET( nonce != NULL );
|
||||
|
||||
/* Counter */
|
||||
ctx->state[12] = counter;
|
||||
|
@ -259,15 +260,9 @@ int mbedtls_chacha20_update( mbedtls_chacha20_context *ctx,
|
|||
size_t offset = 0U;
|
||||
size_t i;
|
||||
|
||||
if( ctx == NULL )
|
||||
{
|
||||
return( MBEDTLS_ERR_CHACHA20_BAD_INPUT_DATA );
|
||||
}
|
||||
else if( ( size > 0U ) && ( ( input == NULL ) || ( output == NULL ) ) )
|
||||
{
|
||||
/* input and output pointers are allowed to be NULL only if size == 0 */
|
||||
return( MBEDTLS_ERR_CHACHA20_BAD_INPUT_DATA );
|
||||
}
|
||||
CHACHA20_VALIDATE_RET( ctx != NULL );
|
||||
CHACHA20_VALIDATE_RET( size == 0 || input != NULL );
|
||||
CHACHA20_VALIDATE_RET( size == 0 || output != NULL );
|
||||
|
||||
/* Use leftover keystream bytes, if available */
|
||||
while( size > 0U && ctx->keystream_bytes_used < CHACHA20_BLOCK_SIZE_BYTES )
|
||||
|
@ -332,6 +327,11 @@ int mbedtls_chacha20_crypt( const unsigned char key[32],
|
|||
mbedtls_chacha20_context ctx;
|
||||
int ret;
|
||||
|
||||
CHACHA20_VALIDATE_RET( key != NULL );
|
||||
CHACHA20_VALIDATE_RET( nonce != NULL );
|
||||
CHACHA20_VALIDATE_RET( data_len == 0 || input != NULL );
|
||||
CHACHA20_VALIDATE_RET( data_len == 0 || output != NULL );
|
||||
|
||||
mbedtls_chacha20_init( &ctx );
|
||||
|
||||
ret = mbedtls_chacha20_setkey( &ctx, key );
|
||||
|
|
|
@ -44,6 +44,12 @@
|
|||
|
||||
#if !defined(MBEDTLS_CHACHAPOLY_ALT)
|
||||
|
||||
/* Parameter validation macros */
|
||||
#define CHACHAPOLY_VALIDATE_RET( cond ) \
|
||||
MBEDTLS_INTERNAL_VALIDATE_RET( cond, MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA )
|
||||
#define CHACHAPOLY_VALIDATE( cond ) \
|
||||
MBEDTLS_INTERNAL_VALIDATE( cond )
|
||||
|
||||
#define CHACHAPOLY_STATE_INIT ( 0 )
|
||||
#define CHACHAPOLY_STATE_AAD ( 1 )
|
||||
#define CHACHAPOLY_STATE_CIPHERTEXT ( 2 ) /* Encrypting or decrypting */
|
||||
|
@ -90,39 +96,35 @@ static int chachapoly_pad_ciphertext( mbedtls_chachapoly_context *ctx )
|
|||
|
||||
void mbedtls_chachapoly_init( mbedtls_chachapoly_context *ctx )
|
||||
{
|
||||
if( ctx != NULL )
|
||||
{
|
||||
mbedtls_chacha20_init( &ctx->chacha20_ctx );
|
||||
mbedtls_poly1305_init( &ctx->poly1305_ctx );
|
||||
ctx->aad_len = 0U;
|
||||
ctx->ciphertext_len = 0U;
|
||||
ctx->state = CHACHAPOLY_STATE_INIT;
|
||||
ctx->mode = MBEDTLS_CHACHAPOLY_ENCRYPT;
|
||||
}
|
||||
CHACHAPOLY_VALIDATE( ctx != NULL );
|
||||
|
||||
mbedtls_chacha20_init( &ctx->chacha20_ctx );
|
||||
mbedtls_poly1305_init( &ctx->poly1305_ctx );
|
||||
ctx->aad_len = 0U;
|
||||
ctx->ciphertext_len = 0U;
|
||||
ctx->state = CHACHAPOLY_STATE_INIT;
|
||||
ctx->mode = MBEDTLS_CHACHAPOLY_ENCRYPT;
|
||||
}
|
||||
|
||||
void mbedtls_chachapoly_free( mbedtls_chachapoly_context *ctx )
|
||||
{
|
||||
if( ctx != NULL )
|
||||
{
|
||||
mbedtls_chacha20_free( &ctx->chacha20_ctx );
|
||||
mbedtls_poly1305_free( &ctx->poly1305_ctx );
|
||||
ctx->aad_len = 0U;
|
||||
ctx->ciphertext_len = 0U;
|
||||
ctx->state = CHACHAPOLY_STATE_INIT;
|
||||
ctx->mode = MBEDTLS_CHACHAPOLY_ENCRYPT;
|
||||
}
|
||||
if( ctx == NULL )
|
||||
return;
|
||||
|
||||
mbedtls_chacha20_free( &ctx->chacha20_ctx );
|
||||
mbedtls_poly1305_free( &ctx->poly1305_ctx );
|
||||
ctx->aad_len = 0U;
|
||||
ctx->ciphertext_len = 0U;
|
||||
ctx->state = CHACHAPOLY_STATE_INIT;
|
||||
ctx->mode = MBEDTLS_CHACHAPOLY_ENCRYPT;
|
||||
}
|
||||
|
||||
int mbedtls_chachapoly_setkey( mbedtls_chachapoly_context *ctx,
|
||||
const unsigned char key[32] )
|
||||
{
|
||||
int ret;
|
||||
|
||||
if( ( ctx == NULL ) || ( key == NULL ) )
|
||||
{
|
||||
return( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA );
|
||||
}
|
||||
CHACHAPOLY_VALIDATE_RET( ctx != NULL );
|
||||
CHACHAPOLY_VALIDATE_RET( key != NULL );
|
||||
|
||||
ret = mbedtls_chacha20_setkey( &ctx->chacha20_ctx, key );
|
||||
|
||||
|
@ -135,11 +137,8 @@ int mbedtls_chachapoly_starts( mbedtls_chachapoly_context *ctx,
|
|||
{
|
||||
int ret;
|
||||
unsigned char poly1305_key[64];
|
||||
|
||||
if( ( ctx == NULL ) || ( nonce == NULL ) )
|
||||
{
|
||||
return( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA );
|
||||
}
|
||||
CHACHAPOLY_VALIDATE_RET( ctx != NULL );
|
||||
CHACHAPOLY_VALIDATE_RET( nonce != NULL );
|
||||
|
||||
/* Set counter = 0, will be update to 1 when generating Poly1305 key */
|
||||
ret = mbedtls_chacha20_starts( &ctx->chacha20_ctx, nonce, 0U );
|
||||
|
@ -176,19 +175,11 @@ int mbedtls_chachapoly_update_aad( mbedtls_chachapoly_context *ctx,
|
|||
const unsigned char *aad,
|
||||
size_t aad_len )
|
||||
{
|
||||
if( ctx == NULL )
|
||||
{
|
||||
return( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA );
|
||||
}
|
||||
else if( ( aad_len > 0U ) && ( aad == NULL ) )
|
||||
{
|
||||
/* aad pointer is allowed to be NULL if aad_len == 0 */
|
||||
return( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA );
|
||||
}
|
||||
else if( ctx->state != CHACHAPOLY_STATE_AAD )
|
||||
{
|
||||
CHACHAPOLY_VALIDATE_RET( ctx != NULL );
|
||||
CHACHAPOLY_VALIDATE_RET( aad_len == 0 || aad != NULL );
|
||||
|
||||
if( ctx->state != CHACHAPOLY_STATE_AAD )
|
||||
return( MBEDTLS_ERR_CHACHAPOLY_BAD_STATE );
|
||||
}
|
||||
|
||||
ctx->aad_len += aad_len;
|
||||
|
||||
|
@ -201,18 +192,12 @@ int mbedtls_chachapoly_update( mbedtls_chachapoly_context *ctx,
|
|||
unsigned char *output )
|
||||
{
|
||||
int ret;
|
||||
CHACHAPOLY_VALIDATE_RET( ctx != NULL );
|
||||
CHACHAPOLY_VALIDATE_RET( len == 0 || input != NULL );
|
||||
CHACHAPOLY_VALIDATE_RET( len == 0 || output != NULL );
|
||||
|
||||
if( ctx == NULL )
|
||||
{
|
||||
return( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA );
|
||||
}
|
||||
else if( ( len > 0U ) && ( ( input == NULL ) || ( output == NULL ) ) )
|
||||
{
|
||||
/* input and output pointers are allowed to be NULL if len == 0 */
|
||||
return( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA );
|
||||
}
|
||||
else if( ( ctx->state != CHACHAPOLY_STATE_AAD ) &&
|
||||
( ctx->state != CHACHAPOLY_STATE_CIPHERTEXT ) )
|
||||
if( ( ctx->state != CHACHAPOLY_STATE_AAD ) &&
|
||||
( ctx->state != CHACHAPOLY_STATE_CIPHERTEXT ) )
|
||||
{
|
||||
return( MBEDTLS_ERR_CHACHAPOLY_BAD_STATE );
|
||||
}
|
||||
|
@ -257,12 +242,10 @@ int mbedtls_chachapoly_finish( mbedtls_chachapoly_context *ctx,
|
|||
{
|
||||
int ret;
|
||||
unsigned char len_block[16];
|
||||
CHACHAPOLY_VALIDATE_RET( ctx != NULL );
|
||||
CHACHAPOLY_VALIDATE_RET( mac != NULL );
|
||||
|
||||
if( ( ctx == NULL ) || ( mac == NULL ) )
|
||||
{
|
||||
return( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA );
|
||||
}
|
||||
else if( ctx->state == CHACHAPOLY_STATE_INIT )
|
||||
if( ctx->state == CHACHAPOLY_STATE_INIT )
|
||||
{
|
||||
return( MBEDTLS_ERR_CHACHAPOLY_BAD_STATE );
|
||||
}
|
||||
|
@ -350,6 +333,13 @@ int mbedtls_chachapoly_encrypt_and_tag( mbedtls_chachapoly_context *ctx,
|
|||
unsigned char *output,
|
||||
unsigned char tag[16] )
|
||||
{
|
||||
CHACHAPOLY_VALIDATE_RET( ctx != NULL );
|
||||
CHACHAPOLY_VALIDATE_RET( nonce != NULL );
|
||||
CHACHAPOLY_VALIDATE_RET( tag != NULL );
|
||||
CHACHAPOLY_VALIDATE_RET( aad_len == 0 || aad != NULL );
|
||||
CHACHAPOLY_VALIDATE_RET( length == 0 || input != NULL );
|
||||
CHACHAPOLY_VALIDATE_RET( length == 0 || output != NULL );
|
||||
|
||||
return( chachapoly_crypt_and_tag( ctx, MBEDTLS_CHACHAPOLY_ENCRYPT,
|
||||
length, nonce, aad, aad_len,
|
||||
input, output, tag ) );
|
||||
|
@ -368,9 +358,12 @@ int mbedtls_chachapoly_auth_decrypt( mbedtls_chachapoly_context *ctx,
|
|||
unsigned char check_tag[16];
|
||||
size_t i;
|
||||
int diff;
|
||||
|
||||
if( tag == NULL )
|
||||
return( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA );
|
||||
CHACHAPOLY_VALIDATE_RET( ctx != NULL );
|
||||
CHACHAPOLY_VALIDATE_RET( nonce != NULL );
|
||||
CHACHAPOLY_VALIDATE_RET( tag != NULL );
|
||||
CHACHAPOLY_VALIDATE_RET( aad_len == 0 || aad != NULL );
|
||||
CHACHAPOLY_VALIDATE_RET( length == 0 || input != NULL );
|
||||
CHACHAPOLY_VALIDATE_RET( length == 0 || output != NULL );
|
||||
|
||||
if( ( ret = chachapoly_crypt_and_tag( ctx,
|
||||
MBEDTLS_CHACHAPOLY_DECRYPT, length, nonce,
|
||||
|
|
|
@ -49,6 +49,12 @@
|
|||
#define inline __inline
|
||||
#endif
|
||||
|
||||
/* Parameter validation macros */
|
||||
#define POLY1305_VALIDATE_RET( cond ) \
|
||||
MBEDTLS_INTERNAL_VALIDATE_RET( cond, MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA )
|
||||
#define POLY1305_VALIDATE( cond ) \
|
||||
MBEDTLS_INTERNAL_VALIDATE( cond )
|
||||
|
||||
#define POLY1305_BLOCK_SIZE_BYTES ( 16U )
|
||||
|
||||
#define BYTES_TO_U32_LE( data, offset ) \
|
||||
|
@ -276,27 +282,24 @@ static void poly1305_compute_mac( const mbedtls_poly1305_context *ctx,
|
|||
|
||||
void mbedtls_poly1305_init( mbedtls_poly1305_context *ctx )
|
||||
{
|
||||
if( ctx != NULL )
|
||||
{
|
||||
mbedtls_platform_zeroize( ctx, sizeof( mbedtls_poly1305_context ) );
|
||||
}
|
||||
POLY1305_VALIDATE( ctx != NULL );
|
||||
|
||||
mbedtls_platform_zeroize( ctx, sizeof( mbedtls_poly1305_context ) );
|
||||
}
|
||||
|
||||
void mbedtls_poly1305_free( mbedtls_poly1305_context *ctx )
|
||||
{
|
||||
if( ctx != NULL )
|
||||
{
|
||||
mbedtls_platform_zeroize( ctx, sizeof( mbedtls_poly1305_context ) );
|
||||
}
|
||||
if( ctx == NULL )
|
||||
return;
|
||||
|
||||
mbedtls_platform_zeroize( ctx, sizeof( mbedtls_poly1305_context ) );
|
||||
}
|
||||
|
||||
int mbedtls_poly1305_starts( mbedtls_poly1305_context *ctx,
|
||||
const unsigned char key[32] )
|
||||
{
|
||||
if( ctx == NULL || key == NULL )
|
||||
{
|
||||
return( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA );
|
||||
}
|
||||
POLY1305_VALIDATE_RET( ctx != NULL );
|
||||
POLY1305_VALIDATE_RET( key != NULL );
|
||||
|
||||
/* r &= 0x0ffffffc0ffffffc0ffffffc0fffffff */
|
||||
ctx->r[0] = BYTES_TO_U32_LE( key, 0 ) & 0x0FFFFFFFU;
|
||||
|
@ -331,16 +334,8 @@ int mbedtls_poly1305_update( mbedtls_poly1305_context *ctx,
|
|||
size_t remaining = ilen;
|
||||
size_t queue_free_len;
|
||||
size_t nblocks;
|
||||
|
||||
if( ctx == NULL )
|
||||
{
|
||||
return( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA );
|
||||
}
|
||||
else if( ( ilen > 0U ) && ( input == NULL ) )
|
||||
{
|
||||
/* input pointer is allowed to be NULL only if ilen == 0 */
|
||||
return( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA );
|
||||
}
|
||||
POLY1305_VALIDATE_RET( ctx != NULL );
|
||||
POLY1305_VALIDATE_RET( ilen == 0 || input != NULL );
|
||||
|
||||
if( ( remaining > 0U ) && ( ctx->queue_len > 0U ) )
|
||||
{
|
||||
|
@ -398,10 +393,8 @@ int mbedtls_poly1305_update( mbedtls_poly1305_context *ctx,
|
|||
int mbedtls_poly1305_finish( mbedtls_poly1305_context *ctx,
|
||||
unsigned char mac[16] )
|
||||
{
|
||||
if( ( ctx == NULL ) || ( mac == NULL ) )
|
||||
{
|
||||
return( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA );
|
||||
}
|
||||
POLY1305_VALIDATE_RET( ctx != NULL );
|
||||
POLY1305_VALIDATE_RET( mac != NULL );
|
||||
|
||||
/* Process any leftover data */
|
||||
if( ctx->queue_len > 0U )
|
||||
|
@ -431,6 +424,9 @@ int mbedtls_poly1305_mac( const unsigned char key[32],
|
|||
{
|
||||
mbedtls_poly1305_context ctx;
|
||||
int ret;
|
||||
POLY1305_VALIDATE_RET( key != NULL );
|
||||
POLY1305_VALIDATE_RET( mac != NULL );
|
||||
POLY1305_VALIDATE_RET( ilen == 0 || input != NULL );
|
||||
|
||||
mbedtls_poly1305_init( &ctx );
|
||||
|
||||
|
|
|
@ -82,7 +82,7 @@ void chacha20_crypt( char *hex_key_string,
|
|||
}
|
||||
/* END_CASE */
|
||||
|
||||
/* BEGIN_CASE */
|
||||
/* BEGIN_CASE depends_on:MBEDTLS_CHECK_PARAMS:!MBEDTLS_PARAM_FAILED_ALT */
|
||||
void chacha20_bad_params()
|
||||
{
|
||||
unsigned char key[32];
|
||||
|
@ -93,42 +93,38 @@ void chacha20_bad_params()
|
|||
size_t len = sizeof( src );
|
||||
mbedtls_chacha20_context ctx;
|
||||
|
||||
mbedtls_chacha20_init( NULL );
|
||||
mbedtls_chacha20_free( NULL );
|
||||
TEST_INVALID_PARAM( mbedtls_chacha20_init( NULL ) );
|
||||
TEST_VALID_PARAM( mbedtls_chacha20_free( NULL ) );
|
||||
|
||||
mbedtls_chacha20_init( &ctx );
|
||||
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_CHACHA20_BAD_INPUT_DATA,
|
||||
mbedtls_chacha20_setkey( NULL, key ) );
|
||||
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_CHACHA20_BAD_INPUT_DATA,
|
||||
mbedtls_chacha20_setkey( &ctx, NULL ) );
|
||||
|
||||
TEST_ASSERT( mbedtls_chacha20_setkey( NULL, key )
|
||||
== MBEDTLS_ERR_CHACHA20_BAD_INPUT_DATA );
|
||||
TEST_ASSERT( mbedtls_chacha20_setkey( &ctx, NULL )
|
||||
== MBEDTLS_ERR_CHACHA20_BAD_INPUT_DATA );
|
||||
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_CHACHA20_BAD_INPUT_DATA,
|
||||
mbedtls_chacha20_starts( NULL, nonce, counter ) );
|
||||
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_CHACHA20_BAD_INPUT_DATA,
|
||||
mbedtls_chacha20_starts( &ctx, NULL, counter ) );
|
||||
|
||||
TEST_ASSERT( mbedtls_chacha20_starts( NULL, nonce, counter )
|
||||
== MBEDTLS_ERR_CHACHA20_BAD_INPUT_DATA );
|
||||
TEST_ASSERT( mbedtls_chacha20_starts( &ctx, NULL, counter )
|
||||
== MBEDTLS_ERR_CHACHA20_BAD_INPUT_DATA );
|
||||
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_CHACHA20_BAD_INPUT_DATA,
|
||||
mbedtls_chacha20_update( NULL, 0, src, dst ) );
|
||||
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_CHACHA20_BAD_INPUT_DATA,
|
||||
mbedtls_chacha20_update( &ctx, len, NULL, dst ) );
|
||||
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_CHACHA20_BAD_INPUT_DATA,
|
||||
mbedtls_chacha20_update( &ctx, len, src, NULL ) );
|
||||
|
||||
TEST_ASSERT( mbedtls_chacha20_update( NULL, 0, src, dst )
|
||||
== MBEDTLS_ERR_CHACHA20_BAD_INPUT_DATA );
|
||||
TEST_ASSERT( mbedtls_chacha20_update( &ctx, len, NULL, dst )
|
||||
== MBEDTLS_ERR_CHACHA20_BAD_INPUT_DATA );
|
||||
TEST_ASSERT( mbedtls_chacha20_update( &ctx, len, src, NULL )
|
||||
== MBEDTLS_ERR_CHACHA20_BAD_INPUT_DATA );
|
||||
TEST_ASSERT( mbedtls_chacha20_update( &ctx, 0, NULL, NULL )
|
||||
== 0 );
|
||||
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_CHACHA20_BAD_INPUT_DATA,
|
||||
mbedtls_chacha20_crypt( NULL, nonce, counter, 0, src, dst ) );
|
||||
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_CHACHA20_BAD_INPUT_DATA,
|
||||
mbedtls_chacha20_crypt( key, NULL, counter, 0, src, dst ) );
|
||||
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_CHACHA20_BAD_INPUT_DATA,
|
||||
mbedtls_chacha20_crypt( key, nonce, counter, len, NULL, dst ) );
|
||||
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_CHACHA20_BAD_INPUT_DATA,
|
||||
mbedtls_chacha20_crypt( key, nonce, counter, len, src, NULL ) );
|
||||
|
||||
mbedtls_chacha20_free( &ctx );
|
||||
exit:
|
||||
return;
|
||||
|
||||
TEST_ASSERT( mbedtls_chacha20_crypt( NULL, nonce, counter, 0, src, dst )
|
||||
== MBEDTLS_ERR_CHACHA20_BAD_INPUT_DATA );
|
||||
TEST_ASSERT( mbedtls_chacha20_crypt( key, NULL, counter, 0, src, dst )
|
||||
== MBEDTLS_ERR_CHACHA20_BAD_INPUT_DATA );
|
||||
TEST_ASSERT( mbedtls_chacha20_crypt( key, nonce, counter, len, NULL, dst )
|
||||
== MBEDTLS_ERR_CHACHA20_BAD_INPUT_DATA );
|
||||
TEST_ASSERT( mbedtls_chacha20_crypt( key, nonce, counter, len, src, NULL )
|
||||
== MBEDTLS_ERR_CHACHA20_BAD_INPUT_DATA );
|
||||
TEST_ASSERT( mbedtls_chacha20_crypt( key, nonce, counter, 0, NULL, NULL )
|
||||
== 0 );
|
||||
}
|
||||
/* END_CASE */
|
||||
|
||||
|
|
|
@ -118,7 +118,7 @@ exit:
|
|||
}
|
||||
/* END_CASE */
|
||||
|
||||
/* BEGIN_CASE */
|
||||
/* BEGIN_CASE depends_on:MBEDTLS_CHECK_PARAMS:!MBEDTLS_PARAM_FAILED_ALT */
|
||||
void chachapoly_bad_params()
|
||||
{
|
||||
unsigned char key[32];
|
||||
|
@ -138,124 +138,114 @@ void chachapoly_bad_params()
|
|||
memset( output, 0x00, sizeof( output ) );
|
||||
memset( mac, 0x00, sizeof( mac ) );
|
||||
|
||||
mbedtls_chachapoly_init( NULL );
|
||||
mbedtls_chachapoly_free( NULL );
|
||||
TEST_INVALID_PARAM( mbedtls_chachapoly_init( NULL ) );
|
||||
TEST_VALID_PARAM( mbedtls_chachapoly_free( NULL ) );
|
||||
|
||||
mbedtls_chachapoly_init( &ctx );
|
||||
/* setkey */
|
||||
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA,
|
||||
mbedtls_chachapoly_setkey( NULL, key ) );
|
||||
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA,
|
||||
mbedtls_chachapoly_setkey( &ctx, NULL ) );
|
||||
|
||||
TEST_ASSERT( mbedtls_chachapoly_setkey( NULL, key )
|
||||
== MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA );
|
||||
TEST_ASSERT( mbedtls_chachapoly_setkey( &ctx, NULL )
|
||||
== MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA );
|
||||
|
||||
TEST_ASSERT( mbedtls_chachapoly_encrypt_and_tag( NULL,
|
||||
/* encrypt_and_tag */
|
||||
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA,
|
||||
mbedtls_chachapoly_encrypt_and_tag( NULL,
|
||||
0, nonce,
|
||||
aad, 0,
|
||||
input, output, mac )
|
||||
== MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA );
|
||||
TEST_ASSERT( mbedtls_chachapoly_encrypt_and_tag( &ctx,
|
||||
input, output, mac ) );
|
||||
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA,
|
||||
mbedtls_chachapoly_encrypt_and_tag( &ctx,
|
||||
0, NULL,
|
||||
aad, 0,
|
||||
input, output, mac )
|
||||
== MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA );
|
||||
TEST_ASSERT( mbedtls_chachapoly_encrypt_and_tag( &ctx,
|
||||
input, output, mac ) );
|
||||
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA,
|
||||
mbedtls_chachapoly_encrypt_and_tag( &ctx,
|
||||
0, nonce,
|
||||
NULL, aad_len,
|
||||
input, output, mac )
|
||||
== MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA );
|
||||
TEST_ASSERT( mbedtls_chachapoly_encrypt_and_tag( &ctx,
|
||||
input, output, mac ) );
|
||||
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA,
|
||||
mbedtls_chachapoly_encrypt_and_tag( &ctx,
|
||||
input_len, nonce,
|
||||
aad, 0,
|
||||
NULL, output, mac )
|
||||
== MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA );
|
||||
TEST_ASSERT( mbedtls_chachapoly_encrypt_and_tag( &ctx,
|
||||
NULL, output, mac ) );
|
||||
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA,
|
||||
mbedtls_chachapoly_encrypt_and_tag( &ctx,
|
||||
input_len, nonce,
|
||||
aad, 0,
|
||||
input, NULL, mac )
|
||||
== MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA );
|
||||
TEST_ASSERT( mbedtls_chachapoly_encrypt_and_tag( &ctx,
|
||||
input, NULL, mac ) );
|
||||
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA,
|
||||
mbedtls_chachapoly_encrypt_and_tag( &ctx,
|
||||
0, nonce,
|
||||
aad, 0,
|
||||
input, output, NULL )
|
||||
== MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA );
|
||||
input, output, NULL ) );
|
||||
|
||||
TEST_ASSERT( mbedtls_chachapoly_auth_decrypt( NULL,
|
||||
/* auth_decrypt */
|
||||
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA,
|
||||
mbedtls_chachapoly_auth_decrypt( NULL,
|
||||
0, nonce,
|
||||
aad, 0,
|
||||
mac, input, output )
|
||||
== MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA );
|
||||
TEST_ASSERT( mbedtls_chachapoly_auth_decrypt( &ctx,
|
||||
mac, input, output ) );
|
||||
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA,
|
||||
mbedtls_chachapoly_auth_decrypt( &ctx,
|
||||
0, NULL,
|
||||
aad, 0,
|
||||
mac, input, output )
|
||||
== MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA );
|
||||
TEST_ASSERT( mbedtls_chachapoly_auth_decrypt( &ctx,
|
||||
mac, input, output ) );
|
||||
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA,
|
||||
mbedtls_chachapoly_auth_decrypt( &ctx,
|
||||
0, nonce,
|
||||
NULL, aad_len,
|
||||
mac, input, output )
|
||||
== MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA );
|
||||
TEST_ASSERT( mbedtls_chachapoly_auth_decrypt( &ctx,
|
||||
mac, input, output ) );
|
||||
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA,
|
||||
mbedtls_chachapoly_auth_decrypt( &ctx,
|
||||
0, nonce,
|
||||
aad, 0,
|
||||
NULL, input, output )
|
||||
== MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA );
|
||||
TEST_ASSERT( mbedtls_chachapoly_auth_decrypt( &ctx,
|
||||
NULL, input, output ) );
|
||||
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA,
|
||||
mbedtls_chachapoly_auth_decrypt( &ctx,
|
||||
input_len, nonce,
|
||||
aad, 0,
|
||||
mac, NULL, output )
|
||||
== MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA );
|
||||
TEST_ASSERT( mbedtls_chachapoly_auth_decrypt( &ctx,
|
||||
mac, NULL, output ) );
|
||||
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA,
|
||||
mbedtls_chachapoly_auth_decrypt( &ctx,
|
||||
input_len, nonce,
|
||||
aad, 0,
|
||||
mac, input, NULL )
|
||||
== MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA );
|
||||
mac, input, NULL ) );
|
||||
|
||||
TEST_ASSERT( mbedtls_chachapoly_encrypt_and_tag( &ctx,
|
||||
0, nonce,
|
||||
aad, aad_len,
|
||||
NULL, NULL, mac )
|
||||
== 0 );
|
||||
TEST_ASSERT( mbedtls_chachapoly_auth_decrypt( &ctx,
|
||||
0, nonce,
|
||||
aad, aad_len,
|
||||
mac, NULL, NULL )
|
||||
== 0 );
|
||||
/* starts */
|
||||
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA,
|
||||
mbedtls_chachapoly_starts( NULL, nonce,
|
||||
MBEDTLS_CHACHAPOLY_ENCRYPT ) );
|
||||
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA,
|
||||
mbedtls_chachapoly_starts( &ctx, NULL,
|
||||
MBEDTLS_CHACHAPOLY_ENCRYPT ) );
|
||||
|
||||
TEST_ASSERT( mbedtls_chachapoly_encrypt_and_tag( &ctx,
|
||||
input_len, nonce,
|
||||
NULL, 0,
|
||||
input, output, mac )
|
||||
== 0 );
|
||||
TEST_ASSERT( mbedtls_chachapoly_auth_decrypt( &ctx,
|
||||
input_len, nonce,
|
||||
NULL, 0,
|
||||
mac, input, output )
|
||||
== 0 );
|
||||
/* update_aad */
|
||||
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA,
|
||||
mbedtls_chachapoly_update_aad( NULL, aad,
|
||||
aad_len ) );
|
||||
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA,
|
||||
mbedtls_chachapoly_update_aad( &ctx, NULL,
|
||||
aad_len ) );
|
||||
|
||||
TEST_ASSERT( mbedtls_chachapoly_starts( NULL, nonce, MBEDTLS_CHACHAPOLY_ENCRYPT )
|
||||
== MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA );
|
||||
TEST_ASSERT( mbedtls_chachapoly_starts( &ctx, NULL, MBEDTLS_CHACHAPOLY_ENCRYPT )
|
||||
== MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA );
|
||||
/* update */
|
||||
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA,
|
||||
mbedtls_chachapoly_update( NULL, input_len,
|
||||
input, output ) );
|
||||
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA,
|
||||
mbedtls_chachapoly_update( &ctx, input_len,
|
||||
NULL, output ) );
|
||||
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA,
|
||||
mbedtls_chachapoly_update( &ctx, input_len,
|
||||
input, NULL ) );
|
||||
|
||||
TEST_ASSERT( mbedtls_chachapoly_update_aad( NULL, aad, aad_len )
|
||||
== MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA );
|
||||
TEST_ASSERT( mbedtls_chachapoly_update_aad( &ctx, NULL, aad_len )
|
||||
== MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA );
|
||||
|
||||
TEST_ASSERT( mbedtls_chachapoly_update( NULL, input_len, input, output )
|
||||
== MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA );
|
||||
TEST_ASSERT( mbedtls_chachapoly_update( &ctx, input_len, NULL, output )
|
||||
== MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA );
|
||||
TEST_ASSERT( mbedtls_chachapoly_update( &ctx, input_len, input, NULL )
|
||||
== MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA );
|
||||
|
||||
TEST_ASSERT( mbedtls_chachapoly_finish( NULL, mac )
|
||||
== MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA );
|
||||
TEST_ASSERT( mbedtls_chachapoly_finish( &ctx, NULL )
|
||||
== MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA );
|
||||
/* finish */
|
||||
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA,
|
||||
mbedtls_chachapoly_finish( NULL, mac ) );
|
||||
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA,
|
||||
mbedtls_chachapoly_finish( &ctx, NULL ) );
|
||||
|
||||
exit:
|
||||
mbedtls_chachapoly_free( &ctx );
|
||||
return;
|
||||
}
|
||||
/* END_CASE */
|
||||
|
||||
|
|
|
@ -88,7 +88,7 @@ void mbedtls_poly1305( char *hex_key_string, char *hex_mac_string, char *hex_src
|
|||
}
|
||||
/* END_CASE */
|
||||
|
||||
/* BEGIN_CASE */
|
||||
/* BEGIN_CASE depends_on:MBEDTLS_CHECK_PARAMS:!MBEDTLS_PARAM_FAILED_ALT */
|
||||
void poly1305_bad_params()
|
||||
{
|
||||
unsigned char src[1];
|
||||
|
@ -97,38 +97,33 @@ void poly1305_bad_params()
|
|||
size_t src_len = sizeof( src );
|
||||
mbedtls_poly1305_context ctx;
|
||||
|
||||
mbedtls_poly1305_init( NULL );
|
||||
mbedtls_poly1305_free( NULL );
|
||||
TEST_INVALID_PARAM( mbedtls_poly1305_init( NULL ) );
|
||||
TEST_VALID_PARAM( mbedtls_poly1305_free( NULL ) );
|
||||
|
||||
mbedtls_poly1305_init( &ctx );
|
||||
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA,
|
||||
mbedtls_poly1305_starts( NULL, key ) );
|
||||
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA,
|
||||
mbedtls_poly1305_starts( &ctx, NULL ) );
|
||||
|
||||
TEST_ASSERT( mbedtls_poly1305_starts( NULL, key )
|
||||
== MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA );
|
||||
TEST_ASSERT( mbedtls_poly1305_starts( &ctx, NULL )
|
||||
== MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA );
|
||||
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA,
|
||||
mbedtls_poly1305_update( NULL, src, 0 ) );
|
||||
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA,
|
||||
mbedtls_poly1305_update( &ctx, NULL, src_len ) );
|
||||
|
||||
TEST_ASSERT( mbedtls_poly1305_update( NULL, src, 0 )
|
||||
== MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA );
|
||||
TEST_ASSERT( mbedtls_poly1305_update( &ctx, NULL, src_len )
|
||||
== MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA );
|
||||
TEST_ASSERT( mbedtls_poly1305_update( &ctx, NULL, 0 )
|
||||
== 0 );
|
||||
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA,
|
||||
mbedtls_poly1305_finish( NULL, mac ) );
|
||||
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA,
|
||||
mbedtls_poly1305_finish( &ctx, NULL ) );
|
||||
|
||||
TEST_ASSERT( mbedtls_poly1305_finish( NULL, mac )
|
||||
== MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA );
|
||||
TEST_ASSERT( mbedtls_poly1305_finish( &ctx, NULL )
|
||||
== MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA );
|
||||
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA,
|
||||
mbedtls_poly1305_mac( NULL, src, 0, mac ) );
|
||||
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA,
|
||||
mbedtls_poly1305_mac( key, NULL, src_len, mac ) );
|
||||
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA,
|
||||
mbedtls_poly1305_mac( key, src, 0, NULL ) );
|
||||
|
||||
TEST_ASSERT( mbedtls_poly1305_mac( NULL, src, 0, mac )
|
||||
== MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA );
|
||||
TEST_ASSERT( mbedtls_poly1305_mac( key, NULL, src_len, mac )
|
||||
== MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA );
|
||||
TEST_ASSERT( mbedtls_poly1305_mac( key, src, 0, NULL )
|
||||
== MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA );
|
||||
TEST_ASSERT( mbedtls_poly1305_mac( key, NULL, 0, mac )
|
||||
== 0 );
|
||||
|
||||
mbedtls_poly1305_free( &ctx );
|
||||
exit:
|
||||
return;
|
||||
}
|
||||
/* END_CASE */
|
||||
|
||||
|
|
Loading…
Reference in a new issue