mbedtls/tests/suites/test_suite_cmac.function
Gilles Peskine c453e2e7e8 Officially deprecate MBEDTLS_CIPHER_BLKSIZE_MAX
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-06-14 18:00:37 +02:00

301 lines
11 KiB
C

/* BEGIN_HEADER */
#include "mbedtls/cipher.h"
#include "mbedtls/cmac.h"
/* END_HEADER */
/* BEGIN_DEPENDENCIES
* depends_on:MBEDTLS_CMAC_C
* END_DEPENDENCIES
*/
/* BEGIN_CASE depends_on:MBEDTLS_SELF_TEST */
void mbedtls_cmac_self_test()
{
TEST_ASSERT(mbedtls_cmac_self_test(1) == 0);
}
/* END_CASE */
/* BEGIN_CASE */
void mbedtls_cmac_null_args()
{
mbedtls_cipher_context_t ctx;
const mbedtls_cipher_info_t *cipher_info;
unsigned char test_key[MBEDTLS_CMAC_MAX_BLOCK_SIZE];
unsigned char test_data[MBEDTLS_CMAC_MAX_BLOCK_SIZE];
unsigned char test_output[MBEDTLS_CMAC_MAX_BLOCK_SIZE];
mbedtls_cipher_init(&ctx);
/* Test NULL cipher info */
TEST_ASSERT(mbedtls_cipher_cmac_update(&ctx, test_data, 16) ==
MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA);
cipher_info = mbedtls_cipher_info_from_type(MBEDTLS_CIPHER_AES_128_ECB);
TEST_ASSERT(mbedtls_cipher_setup(&ctx, cipher_info) == 0);
TEST_ASSERT(mbedtls_cipher_cmac_starts(NULL, test_key, 128) ==
MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA);
TEST_ASSERT(mbedtls_cipher_cmac_starts(&ctx, NULL, 128) ==
MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA);
TEST_ASSERT(mbedtls_cipher_cmac_update(NULL, test_data, 16) ==
MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA);
TEST_ASSERT(mbedtls_cipher_cmac_update(&ctx, NULL, 16) ==
MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA);
TEST_ASSERT(mbedtls_cipher_cmac_finish(NULL, test_output) ==
MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA);
TEST_ASSERT(mbedtls_cipher_cmac_finish(&ctx, NULL) ==
MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA);
TEST_ASSERT(mbedtls_cipher_cmac_reset(NULL) ==
MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA);
TEST_ASSERT(mbedtls_cipher_cmac(NULL,
test_key, 128,
test_data, 16,
test_output) ==
MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA);
TEST_ASSERT(mbedtls_cipher_cmac(cipher_info,
NULL, 128,
test_data, 16,
test_output) ==
MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA);
TEST_ASSERT(mbedtls_cipher_cmac(cipher_info,
test_key, 128,
NULL, 16,
test_output) ==
MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA);
TEST_ASSERT(mbedtls_cipher_cmac(cipher_info,
test_key, 128,
test_data, 16,
NULL) ==
MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA);
#if defined(MBEDTLS_AES_C)
TEST_ASSERT(mbedtls_aes_cmac_prf_128(NULL, 16,
test_data, 16,
test_output) ==
MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA);
TEST_ASSERT(mbedtls_aes_cmac_prf_128(test_key, 16,
NULL, 16,
test_output) ==
MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA);
TEST_ASSERT(mbedtls_aes_cmac_prf_128(test_key, 16,
test_data, 16,
NULL) ==
MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA);
#endif
exit:
mbedtls_cipher_free(&ctx);
}
/* END_CASE */
/* BEGIN_CASE */
void mbedtls_cmac_setkey(int cipher_type, int key_size, int result)
{
const mbedtls_cipher_info_t *cipher_info;
unsigned char key[32];
unsigned char buf[16];
unsigned char tmp[16];
memset(key, 0x2A, sizeof(key));
TEST_ASSERT((unsigned) key_size <= 8 * sizeof(key));
TEST_ASSERT((cipher_info = mbedtls_cipher_info_from_type(cipher_type))
!= NULL);
#if !defined(MBEDTLS_DEPRECATED_REMOVED)
TEST_LE_U(mbedtls_cipher_info_get_block_size(cipher_info),
MBEDTLS_CIPHER_BLKSIZE_MAX);
#endif /* MBEDTLS_DEPRECATED_REMOVED */
TEST_LE_U(mbedtls_cipher_info_get_block_size(cipher_info),
MBEDTLS_CMAC_MAX_BLOCK_SIZE);
memset(buf, 0x2A, sizeof(buf));
TEST_ASSERT((result == mbedtls_cipher_cmac(cipher_info, key, key_size,
buf, 16, tmp)) != 0);
}
/* END_CASE */
/* BEGIN_CASE */
void mbedtls_cmac_multiple_blocks(int cipher_type, data_t *key,
int keybits, int block_size,
data_t *block1, int block1_len,
data_t *block2, int block2_len,
data_t *block3, int block3_len,
data_t *block4, int block4_len,
data_t *expected_result)
{
const mbedtls_cipher_info_t *cipher_info;
mbedtls_cipher_context_t ctx;
unsigned char output[MBEDTLS_CMAC_MAX_BLOCK_SIZE];
/* Convert the test parameters to binary data */
mbedtls_cipher_init(&ctx);
/* Validate the test inputs */
TEST_ASSERT(block1_len <= 100);
TEST_ASSERT(block2_len <= 100);
TEST_ASSERT(block3_len <= 100);
TEST_ASSERT(block4_len <= 100);
/* Set up */
TEST_ASSERT((cipher_info = mbedtls_cipher_info_from_type(cipher_type))
!= NULL);
TEST_ASSERT(mbedtls_cipher_setup(&ctx, cipher_info) == 0);
TEST_ASSERT(mbedtls_cipher_cmac_starts(&ctx,
(const unsigned char *) key->x,
keybits) == 0);
/* Multiple partial and complete blocks. A negative length means skip the
* update operation */
if (block1_len >= 0) {
TEST_ASSERT(mbedtls_cipher_cmac_update(&ctx,
(unsigned char *) block1->x,
block1_len) == 0);
}
if (block2_len >= 0) {
TEST_ASSERT(mbedtls_cipher_cmac_update(&ctx,
(unsigned char *) block2->x,
block2_len) == 0);
}
if (block3_len >= 0) {
TEST_ASSERT(mbedtls_cipher_cmac_update(&ctx,
(unsigned char *) block3->x,
block3_len) == 0);
}
if (block4_len >= 0) {
TEST_ASSERT(mbedtls_cipher_cmac_update(&ctx,
(unsigned char *) block4->x,
block4_len) == 0);
}
TEST_ASSERT(mbedtls_cipher_cmac_finish(&ctx, output) == 0);
TEST_ASSERT(memcmp(output, expected_result->x, block_size) == 0);
exit:
mbedtls_cipher_free(&ctx);
}
/* END_CASE */
/* BEGIN_CASE */
void mbedtls_cmac_multiple_operations_same_key(int cipher_type,
data_t *key, int keybits,
int block_size,
data_t *block_a1,
int block_a1_len,
data_t *block_a2,
int block_a2_len,
data_t *block_a3,
int block_a3_len,
data_t *expected_result_a,
data_t *block_b1,
int block_b1_len,
data_t *block_b2,
int block_b2_len,
data_t *block_b3,
int block_b3_len,
data_t *expected_result_b
)
{
const mbedtls_cipher_info_t *cipher_info;
mbedtls_cipher_context_t ctx;
unsigned char output[MBEDTLS_CMAC_MAX_BLOCK_SIZE];
/* Convert the test parameters to binary data */
mbedtls_cipher_init(&ctx);
/* Validate the test inputs */
TEST_ASSERT(block_a1_len <= 100);
TEST_ASSERT(block_a2_len <= 100);
TEST_ASSERT(block_a3_len <= 100);
TEST_ASSERT(block_b1_len <= 100);
TEST_ASSERT(block_b2_len <= 100);
TEST_ASSERT(block_b3_len <= 100);
/* Set up */
TEST_ASSERT((cipher_info = mbedtls_cipher_info_from_type(cipher_type))
!= NULL);
TEST_ASSERT(mbedtls_cipher_setup(&ctx, cipher_info) == 0);
TEST_ASSERT(mbedtls_cipher_cmac_starts(&ctx,
(const unsigned char *) key->x,
keybits) == 0);
/* Sequence A */
/* Multiple partial and complete blocks. A negative length means skip the
* update operation */
if (block_a1_len >= 0) {
TEST_ASSERT(mbedtls_cipher_cmac_update(&ctx,
(unsigned char *) block_a1->x,
block_a1_len) == 0);
}
if (block_a2_len >= 0) {
TEST_ASSERT(mbedtls_cipher_cmac_update(&ctx,
(unsigned char *) block_a2->x,
block_a2_len) == 0);
}
if (block_a3_len >= 0) {
TEST_ASSERT(mbedtls_cipher_cmac_update(&ctx,
(unsigned char *) block_a3->x,
block_a3_len) == 0);
}
TEST_ASSERT(mbedtls_cipher_cmac_finish(&ctx, output) == 0);
TEST_ASSERT(memcmp(output, expected_result_a->x, block_size) == 0);
TEST_ASSERT(mbedtls_cipher_cmac_reset(&ctx) == 0);
/* Sequence B */
/* Multiple partial and complete blocks. A negative length means skip the
* update operation */
if (block_b1_len >= 0) {
TEST_ASSERT(mbedtls_cipher_cmac_update(&ctx,
(unsigned char *) block_b1->x,
block_b1_len) == 0);
}
if (block_b2_len >= 0) {
TEST_ASSERT(mbedtls_cipher_cmac_update(&ctx,
(unsigned char *) block_b2->x,
block_b2_len) == 0);
}
if (block_b3_len >= 0) {
TEST_ASSERT(mbedtls_cipher_cmac_update(&ctx,
(unsigned char *) block_b3->x,
block_b3_len) == 0);
}
TEST_ASSERT(mbedtls_cipher_cmac_finish(&ctx, output) == 0);
TEST_ASSERT(memcmp(output, expected_result_b->x, block_size) == 0);
exit:
mbedtls_cipher_free(&ctx);
}
/* END_CASE */