test: Check empty buffer decryption for chachapoly
Previously, even in the Chacha20 and Chacha20-Poly1305 tests, we would test that decryption of an empty buffer would work with MBEDTLS_CIPHER_AES_128_CBC. Make the cipher used with the dec_empty_buf() test configurable, so that Chacha20 and Chacha20-Poly1305 empty buffer tests can use ciphers other than AES CBC. Then, make the Chacha20 and Chacha20-Poly1305 empty buffer tests use the MBEDTLS_CIPHER_CHACHA20 and MBEDTLS_CIPHER_CHACHA20_POLY1305 cipher suites.
This commit is contained in:
parent
cad1223654
commit
5ab80efa10
4 changed files with 28 additions and 8 deletions
|
@ -1,6 +1,6 @@
|
||||||
Decrypt empty buffer
|
Decrypt empty buffer
|
||||||
depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
|
depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
|
||||||
dec_empty_buf:
|
dec_empty_buf:MBEDTLS_CIPHER_AES_128_CBC
|
||||||
|
|
||||||
AES-128 CBC - Encrypt and decrypt 0 bytes with PKCS7 padding
|
AES-128 CBC - Encrypt and decrypt 0 bytes with PKCS7 padding
|
||||||
depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
|
depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
|
||||||
|
|
|
@ -1,6 +1,6 @@
|
||||||
Decrypt empty buffer
|
Decrypt empty buffer
|
||||||
depends_on:MBEDTLS_CHACHA20_C
|
depends_on:MBEDTLS_CHACHA20_C
|
||||||
dec_empty_buf:
|
dec_empty_buf:MBEDTLS_CIPHER_CHACHA20
|
||||||
|
|
||||||
Chacha20 RFC 7539 Test Vector #1
|
Chacha20 RFC 7539 Test Vector #1
|
||||||
depends_on:MBEDTLS_CHACHA20_C
|
depends_on:MBEDTLS_CHACHA20_C
|
||||||
|
|
|
@ -1,6 +1,6 @@
|
||||||
Decrypt empty buffer
|
Decrypt empty buffer
|
||||||
depends_on:MBEDTLS_CHACHAPOLY_C
|
depends_on:MBEDTLS_CHACHAPOLY_C
|
||||||
dec_empty_buf:
|
dec_empty_buf:MBEDTLS_CIPHER_CHACHA20_POLY1305
|
||||||
|
|
||||||
ChaCha20+Poly1305 Encrypt and decrypt 0 bytes
|
ChaCha20+Poly1305 Encrypt and decrypt 0 bytes
|
||||||
depends_on:MBEDTLS_CHACHAPOLY_C
|
depends_on:MBEDTLS_CHACHAPOLY_C
|
||||||
|
|
|
@ -710,7 +710,7 @@ exit:
|
||||||
/* END_CASE */
|
/* END_CASE */
|
||||||
|
|
||||||
/* BEGIN_CASE */
|
/* BEGIN_CASE */
|
||||||
void dec_empty_buf( )
|
void dec_empty_buf( int cipher )
|
||||||
{
|
{
|
||||||
unsigned char key[32];
|
unsigned char key[32];
|
||||||
unsigned char iv[16];
|
unsigned char iv[16];
|
||||||
|
@ -723,6 +723,8 @@ void dec_empty_buf( )
|
||||||
|
|
||||||
size_t outlen = 0;
|
size_t outlen = 0;
|
||||||
|
|
||||||
|
int expected_ret;
|
||||||
|
|
||||||
memset( key, 0, 32 );
|
memset( key, 0, 32 );
|
||||||
memset( iv , 0, 16 );
|
memset( iv , 0, 16 );
|
||||||
|
|
||||||
|
@ -732,12 +734,15 @@ void dec_empty_buf( )
|
||||||
memset( decbuf, 0, 64 );
|
memset( decbuf, 0, 64 );
|
||||||
|
|
||||||
/* Initialise context */
|
/* Initialise context */
|
||||||
cipher_info = mbedtls_cipher_info_from_type( MBEDTLS_CIPHER_AES_128_CBC );
|
cipher_info = mbedtls_cipher_info_from_type( cipher );
|
||||||
TEST_ASSERT( NULL != cipher_info);
|
TEST_ASSERT( NULL != cipher_info);
|
||||||
|
TEST_ASSERT( sizeof(key) * 8 >= cipher_info->key_bitlen );
|
||||||
|
|
||||||
TEST_ASSERT( 0 == mbedtls_cipher_setup( &ctx_dec, cipher_info ) );
|
TEST_ASSERT( 0 == mbedtls_cipher_setup( &ctx_dec, cipher_info ) );
|
||||||
|
|
||||||
TEST_ASSERT( 0 == mbedtls_cipher_setkey( &ctx_dec, key, 128, MBEDTLS_DECRYPT ) );
|
TEST_ASSERT( 0 == mbedtls_cipher_setkey( &ctx_dec,
|
||||||
|
key, cipher_info->key_bitlen,
|
||||||
|
MBEDTLS_DECRYPT ) );
|
||||||
|
|
||||||
TEST_ASSERT( 0 == mbedtls_cipher_set_iv( &ctx_dec, iv, 16 ) );
|
TEST_ASSERT( 0 == mbedtls_cipher_set_iv( &ctx_dec, iv, 16 ) );
|
||||||
|
|
||||||
|
@ -750,7 +755,22 @@ void dec_empty_buf( )
|
||||||
/* decode 0-byte string */
|
/* decode 0-byte string */
|
||||||
TEST_ASSERT( 0 == mbedtls_cipher_update( &ctx_dec, encbuf, 0, decbuf, &outlen ) );
|
TEST_ASSERT( 0 == mbedtls_cipher_update( &ctx_dec, encbuf, 0, decbuf, &outlen ) );
|
||||||
TEST_ASSERT( 0 == outlen );
|
TEST_ASSERT( 0 == outlen );
|
||||||
TEST_ASSERT( MBEDTLS_ERR_CIPHER_FULL_BLOCK_EXPECTED == mbedtls_cipher_finish(
|
|
||||||
|
if ( cipher_info->mode == MBEDTLS_MODE_CBC ||
|
||||||
|
cipher_info->mode == MBEDTLS_MODE_ECB )
|
||||||
|
{
|
||||||
|
/* CBC and ECB ciphers need a full block of input. */
|
||||||
|
expected_ret = MBEDTLS_ERR_CIPHER_FULL_BLOCK_EXPECTED;
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
/* Non-CBC and non-ECB ciphers are OK with decrypting empty buffers and
|
||||||
|
* return success, not MBEDTLS_ERR_CIPHER_FULL_BLOCK_EXPECTED, when
|
||||||
|
* decrypting an empty buffer. */
|
||||||
|
expected_ret = 0;
|
||||||
|
}
|
||||||
|
|
||||||
|
TEST_ASSERT( expected_ret == mbedtls_cipher_finish(
|
||||||
&ctx_dec, decbuf + outlen, &outlen ) );
|
&ctx_dec, decbuf + outlen, &outlen ) );
|
||||||
TEST_ASSERT( 0 == outlen );
|
TEST_ASSERT( 0 == outlen );
|
||||||
|
|
||||||
|
|
Loading…
Reference in a new issue