/* BEGIN_HEADER */ #include "mbedtls/nist_kw.h" /* END_HEADER */ /* BEGIN_DEPENDENCIES * depends_on:MBEDTLS_NIST_KW_C * END_DEPENDENCIES */ /* BEGIN_CASE depends_on:MBEDTLS_SELF_TEST:MBEDTLS_AES_C */ void mbedtls_nist_kw_self_test() { TEST_ASSERT(mbedtls_nist_kw_self_test(1) == 0); } /* END_CASE */ /* BEGIN_CASE depends_on:MBEDTLS_AES_C */ void mbedtls_nist_kw_mix_contexts() { mbedtls_nist_kw_context ctx1, ctx2; unsigned char key[16]; unsigned char plaintext[32]; unsigned char ciphertext1[40]; unsigned char ciphertext2[40]; size_t output_len, i; memset(plaintext, 0, sizeof(plaintext)); memset(ciphertext1, 0, sizeof(ciphertext1)); memset(ciphertext2, 0, sizeof(ciphertext2)); memset(key, 0, sizeof(key)); /* * 1. Check wrap and unwrap with two separate contexts */ mbedtls_nist_kw_init(&ctx1); mbedtls_nist_kw_init(&ctx2); TEST_ASSERT(mbedtls_nist_kw_setkey(&ctx1, MBEDTLS_CIPHER_ID_AES, key, sizeof(key) * 8, 1) == 0); TEST_ASSERT(mbedtls_nist_kw_wrap(&ctx1, MBEDTLS_KW_MODE_KW, plaintext, sizeof(plaintext), ciphertext1, &output_len, sizeof(ciphertext1)) == 0); TEST_ASSERT(output_len == sizeof(ciphertext1)); TEST_ASSERT(mbedtls_nist_kw_setkey(&ctx2, MBEDTLS_CIPHER_ID_AES, key, sizeof(key) * 8, 0) == 0); TEST_ASSERT(mbedtls_nist_kw_unwrap(&ctx2, MBEDTLS_KW_MODE_KW, ciphertext1, output_len, plaintext, &output_len, sizeof(plaintext)) == 0); TEST_ASSERT(output_len == sizeof(plaintext)); for (i = 0; i < sizeof(plaintext); i++) { TEST_ASSERT(plaintext[i] == 0); } mbedtls_nist_kw_free(&ctx1); mbedtls_nist_kw_free(&ctx2); /* * 2. Check wrapping with two modes, on same context */ mbedtls_nist_kw_init(&ctx1); mbedtls_nist_kw_init(&ctx2); output_len = sizeof(ciphertext1); TEST_ASSERT(mbedtls_nist_kw_setkey(&ctx1, MBEDTLS_CIPHER_ID_AES, key, sizeof(key) * 8, 1) == 0); TEST_ASSERT(mbedtls_nist_kw_wrap(&ctx1, MBEDTLS_KW_MODE_KW, plaintext, sizeof(plaintext), ciphertext1, &output_len, sizeof(ciphertext1)) == 0); TEST_ASSERT(output_len == sizeof(ciphertext1)); TEST_ASSERT(mbedtls_nist_kw_wrap(&ctx1, MBEDTLS_KW_MODE_KWP, plaintext, sizeof(plaintext), ciphertext2, &output_len, sizeof(ciphertext2)) == 0); TEST_ASSERT(output_len == sizeof(ciphertext2)); TEST_ASSERT(mbedtls_nist_kw_setkey(&ctx2, MBEDTLS_CIPHER_ID_AES, key, sizeof(key) * 8, 0) == 0); TEST_ASSERT(mbedtls_nist_kw_unwrap(&ctx2, MBEDTLS_KW_MODE_KW, ciphertext1, sizeof(ciphertext1), plaintext, &output_len, sizeof(plaintext)) == 0); TEST_ASSERT(output_len == sizeof(plaintext)); for (i = 0; i < sizeof(plaintext); i++) { TEST_ASSERT(plaintext[i] == 0); } TEST_ASSERT(mbedtls_nist_kw_unwrap(&ctx2, MBEDTLS_KW_MODE_KWP, ciphertext2, sizeof(ciphertext2), plaintext, &output_len, sizeof(plaintext)) == 0); TEST_ASSERT(output_len == sizeof(plaintext)); for (i = 0; i < sizeof(plaintext); i++) { TEST_ASSERT(plaintext[i] == 0); } exit: mbedtls_nist_kw_free(&ctx1); mbedtls_nist_kw_free(&ctx2); } /* END_CASE */ /* BEGIN_CASE */ void mbedtls_nist_kw_setkey(int cipher_id, int key_size, int is_wrap, int result) { mbedtls_nist_kw_context ctx; unsigned char key[32]; int ret; mbedtls_nist_kw_init(&ctx); memset(key, 0x2A, sizeof(key)); TEST_ASSERT((unsigned) key_size <= 8 * sizeof(key)); ret = mbedtls_nist_kw_setkey(&ctx, cipher_id, key, key_size, is_wrap); TEST_ASSERT(ret == result); exit: mbedtls_nist_kw_free(&ctx); } /* END_CASE */ /* BEGIN_CASE depends_on:MBEDTLS_AES_C */ void nist_kw_plaintext_lengths(int in_len, int out_len, int mode, int res) { mbedtls_nist_kw_context ctx; unsigned char key[16]; unsigned char *plaintext = NULL; unsigned char *ciphertext = NULL; size_t output_len = out_len; mbedtls_nist_kw_init(&ctx); memset(key, 0, sizeof(key)); if (in_len != 0) { plaintext = mbedtls_calloc(1, in_len); TEST_ASSERT(plaintext != NULL); } if (out_len != 0) { ciphertext = mbedtls_calloc(1, output_len); TEST_ASSERT(ciphertext != NULL); } TEST_ASSERT(mbedtls_nist_kw_setkey(&ctx, MBEDTLS_CIPHER_ID_AES, key, 8 * sizeof(key), 1) == 0); TEST_ASSERT(mbedtls_nist_kw_wrap(&ctx, mode, plaintext, in_len, ciphertext, &output_len, output_len) == res); if (res == 0) { if (mode == MBEDTLS_KW_MODE_KWP) { TEST_ASSERT(output_len == (size_t) in_len + 8 - (in_len % 8) + 8); } else { TEST_ASSERT(output_len == (size_t) in_len + 8); } } else { TEST_ASSERT(output_len == 0); } exit: mbedtls_free(ciphertext); mbedtls_free(plaintext); mbedtls_nist_kw_free(&ctx); } /* END_CASE */ /* BEGIN_CASE depends_on:MBEDTLS_AES_C */ void nist_kw_ciphertext_lengths(int in_len, int out_len, int mode, int res) { mbedtls_nist_kw_context ctx; unsigned char key[16]; unsigned char *plaintext = NULL; unsigned char *ciphertext = NULL; int unwrap_ret; size_t output_len = out_len; mbedtls_nist_kw_init(&ctx); memset(key, 0, sizeof(key)); if (out_len != 0) { plaintext = mbedtls_calloc(1, output_len); TEST_ASSERT(plaintext != NULL); } if (in_len != 0) { ciphertext = mbedtls_calloc(1, in_len); TEST_ASSERT(ciphertext != NULL); } TEST_ASSERT(mbedtls_nist_kw_setkey(&ctx, MBEDTLS_CIPHER_ID_AES, key, 8 * sizeof(key), 0) == 0); unwrap_ret = mbedtls_nist_kw_unwrap(&ctx, mode, ciphertext, in_len, plaintext, &output_len, output_len); if (res == 0) { TEST_ASSERT(unwrap_ret == MBEDTLS_ERR_CIPHER_AUTH_FAILED); } else { TEST_ASSERT(unwrap_ret == res); } TEST_ASSERT(output_len == 0); exit: mbedtls_free(ciphertext); mbedtls_free(plaintext); mbedtls_nist_kw_free(&ctx); } /* END_CASE */ /* BEGIN_CASE */ void mbedtls_nist_kw_wrap(int cipher_id, int mode, data_t *key, data_t *msg, data_t *expected_result) { unsigned char result[528]; mbedtls_nist_kw_context ctx; size_t result_len, i, padlen; mbedtls_nist_kw_init(&ctx); memset(result, '+', sizeof(result)); TEST_ASSERT(mbedtls_nist_kw_setkey(&ctx, cipher_id, key->x, key->len * 8, 1) == 0); /* Test with input == output */ TEST_ASSERT(mbedtls_nist_kw_wrap(&ctx, mode, msg->x, msg->len, result, &result_len, sizeof(result)) == 0); TEST_ASSERT(result_len == expected_result->len); TEST_ASSERT(memcmp(expected_result->x, result, result_len) == 0); padlen = (msg->len % 8 != 0) ? 8 - (msg->len % 8) : 0; /* Check that the function didn't write beyond the end of the buffer. */ for (i = msg->len + 8 + padlen; i < sizeof(result); i++) { TEST_ASSERT(result[i] == '+'); } exit: mbedtls_nist_kw_free(&ctx); } /* END_CASE */ /* BEGIN_CASE */ void mbedtls_nist_kw_unwrap(int cipher_id, int mode, data_t *key, data_t *msg, data_t *expected_result, int expected_ret) { unsigned char result[528]; mbedtls_nist_kw_context ctx; size_t result_len, i; mbedtls_nist_kw_init(&ctx); memset(result, '+', sizeof(result)); TEST_ASSERT(mbedtls_nist_kw_setkey(&ctx, cipher_id, key->x, key->len * 8, 0) == 0); /* Test with input == output */ TEST_ASSERT(mbedtls_nist_kw_unwrap(&ctx, mode, msg->x, msg->len, result, &result_len, sizeof(result)) == expected_ret); if (expected_ret == 0) { TEST_ASSERT(result_len == expected_result->len); TEST_ASSERT(memcmp(expected_result->x, result, result_len) == 0); } else { TEST_ASSERT(result_len == 0); } /* Check that the function didn't write beyond the end of the buffer. */ for (i = msg->len - 8; i < sizeof(result); i++) { TEST_ASSERT(result[i] == '+'); } exit: mbedtls_nist_kw_free(&ctx); } /* END_CASE */