/* BEGIN_HEADER */
#include "mbedtls/nist_kw.h"
/* END_HEADER */
/* BEGIN_DEPENDENCIES
* depends_on:MBEDTLS_NIST_KW_C
* END_DEPENDENCIES
*/
/* BEGIN_CASE depends_on:MBEDTLS_SELF_TEST:MBEDTLS_AES_C */
void mbedtls_nist_kw_self_test()
{
TEST_ASSERT(mbedtls_nist_kw_self_test(1) == 0);
}
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_AES_C */
void mbedtls_nist_kw_mix_contexts()
{
mbedtls_nist_kw_context ctx1, ctx2;
unsigned char key[16];
unsigned char plaintext[32];
unsigned char ciphertext1[40];
unsigned char ciphertext2[40];
size_t output_len, i;
memset(plaintext, 0, sizeof(plaintext));
memset(ciphertext1, 0, sizeof(ciphertext1));
memset(ciphertext2, 0, sizeof(ciphertext2));
memset(key, 0, sizeof(key));
/*
* 1. Check wrap and unwrap with two separate contexts
*/
mbedtls_nist_kw_init(&ctx1);
mbedtls_nist_kw_init(&ctx2);
TEST_ASSERT(mbedtls_nist_kw_setkey(&ctx1,
MBEDTLS_CIPHER_ID_AES,
key, sizeof(key) * 8,
1) == 0);
TEST_ASSERT(mbedtls_nist_kw_wrap(&ctx1, MBEDTLS_KW_MODE_KW,
plaintext, sizeof(plaintext),
ciphertext1, &output_len,
sizeof(ciphertext1)) == 0);
TEST_ASSERT(output_len == sizeof(ciphertext1));
TEST_ASSERT(mbedtls_nist_kw_setkey(&ctx2,
MBEDTLS_CIPHER_ID_AES,
key, sizeof(key) * 8,
0) == 0);
TEST_ASSERT(mbedtls_nist_kw_unwrap(&ctx2, MBEDTLS_KW_MODE_KW,
ciphertext1, output_len,
plaintext, &output_len,
sizeof(plaintext)) == 0);
TEST_ASSERT(output_len == sizeof(plaintext));
for (i = 0; i < sizeof(plaintext); i++) {
TEST_ASSERT(plaintext[i] == 0);
}
mbedtls_nist_kw_free(&ctx1);
mbedtls_nist_kw_free(&ctx2);
/*
* 2. Check wrapping with two modes, on same context
*/
mbedtls_nist_kw_init(&ctx1);
mbedtls_nist_kw_init(&ctx2);
output_len = sizeof(ciphertext1);
TEST_ASSERT(mbedtls_nist_kw_setkey(&ctx1,
MBEDTLS_CIPHER_ID_AES,
key, sizeof(key) * 8,
1) == 0);
TEST_ASSERT(mbedtls_nist_kw_wrap(&ctx1, MBEDTLS_KW_MODE_KW,
plaintext, sizeof(plaintext),
ciphertext1, &output_len,
sizeof(ciphertext1)) == 0);
TEST_ASSERT(output_len == sizeof(ciphertext1));
TEST_ASSERT(mbedtls_nist_kw_wrap(&ctx1, MBEDTLS_KW_MODE_KWP,
plaintext, sizeof(plaintext),
ciphertext2, &output_len,
sizeof(ciphertext2)) == 0);
TEST_ASSERT(output_len == sizeof(ciphertext2));
TEST_ASSERT(mbedtls_nist_kw_setkey(&ctx2,
MBEDTLS_CIPHER_ID_AES,
key, sizeof(key) * 8,
0) == 0);
TEST_ASSERT(mbedtls_nist_kw_unwrap(&ctx2, MBEDTLS_KW_MODE_KW,
ciphertext1, sizeof(ciphertext1),
plaintext, &output_len,
sizeof(plaintext)) == 0);
TEST_ASSERT(output_len == sizeof(plaintext));
for (i = 0; i < sizeof(plaintext); i++) {
TEST_ASSERT(plaintext[i] == 0);
}
TEST_ASSERT(mbedtls_nist_kw_unwrap(&ctx2, MBEDTLS_KW_MODE_KWP,
ciphertext2, sizeof(ciphertext2),
plaintext, &output_len,
sizeof(plaintext)) == 0);
TEST_ASSERT(output_len == sizeof(plaintext));
for (i = 0; i < sizeof(plaintext); i++) {
TEST_ASSERT(plaintext[i] == 0);
}
exit:
mbedtls_nist_kw_free(&ctx1);
mbedtls_nist_kw_free(&ctx2);
}
/* END_CASE */
/* BEGIN_CASE */
void mbedtls_nist_kw_setkey(int cipher_id, int key_size,
int is_wrap, int result)
{
mbedtls_nist_kw_context ctx;
unsigned char key[32];
int ret;
mbedtls_nist_kw_init(&ctx);
memset(key, 0x2A, sizeof(key));
TEST_ASSERT((unsigned) key_size <= 8 * sizeof(key));
ret = mbedtls_nist_kw_setkey(&ctx, cipher_id, key, key_size, is_wrap);
TEST_ASSERT(ret == result);
exit:
mbedtls_nist_kw_free(&ctx);
}
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_AES_C */
void nist_kw_plaintext_lengths(int in_len, int out_len, int mode, int res)
{
mbedtls_nist_kw_context ctx;
unsigned char key[16];
unsigned char *plaintext = NULL;
unsigned char *ciphertext = NULL;
size_t output_len = out_len;
mbedtls_nist_kw_init(&ctx);
memset(key, 0, sizeof(key));
if (in_len != 0) {
plaintext = mbedtls_calloc(1, in_len);
TEST_ASSERT(plaintext != NULL);
}
if (out_len != 0) {
ciphertext = mbedtls_calloc(1, output_len);
TEST_ASSERT(ciphertext != NULL);
}
TEST_ASSERT(mbedtls_nist_kw_setkey(&ctx, MBEDTLS_CIPHER_ID_AES,
key, 8 * sizeof(key), 1) == 0);
TEST_ASSERT(mbedtls_nist_kw_wrap(&ctx, mode, plaintext, in_len,
ciphertext, &output_len,
output_len) == res);
if (res == 0) {
if (mode == MBEDTLS_KW_MODE_KWP) {
TEST_ASSERT(output_len == (size_t) in_len + 8 -
(in_len % 8) + 8);
} else {
TEST_ASSERT(output_len == (size_t) in_len + 8);
}
} else {
TEST_ASSERT(output_len == 0);
}
exit:
mbedtls_free(ciphertext);
mbedtls_free(plaintext);
mbedtls_nist_kw_free(&ctx);
}
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_AES_C */
void nist_kw_ciphertext_lengths(int in_len, int out_len, int mode, int res)
{
mbedtls_nist_kw_context ctx;
unsigned char key[16];
unsigned char *plaintext = NULL;
unsigned char *ciphertext = NULL;
int unwrap_ret;
size_t output_len = out_len;
mbedtls_nist_kw_init(&ctx);
memset(key, 0, sizeof(key));
if (out_len != 0) {
plaintext = mbedtls_calloc(1, output_len);
TEST_ASSERT(plaintext != NULL);
}
if (in_len != 0) {
ciphertext = mbedtls_calloc(1, in_len);
TEST_ASSERT(ciphertext != NULL);
}
TEST_ASSERT(mbedtls_nist_kw_setkey(&ctx, MBEDTLS_CIPHER_ID_AES,
key, 8 * sizeof(key), 0) == 0);
unwrap_ret = mbedtls_nist_kw_unwrap(&ctx, mode, ciphertext, in_len,
plaintext, &output_len,
output_len);
if (res == 0) {
TEST_ASSERT(unwrap_ret == MBEDTLS_ERR_CIPHER_AUTH_FAILED);
} else {
TEST_ASSERT(unwrap_ret == res);
}
TEST_ASSERT(output_len == 0);
exit:
mbedtls_free(ciphertext);
mbedtls_free(plaintext);
mbedtls_nist_kw_free(&ctx);
}
/* END_CASE */
/* BEGIN_CASE */
void mbedtls_nist_kw_wrap(int cipher_id, int mode, data_t *key, data_t *msg,
data_t *expected_result)
{
unsigned char result[528];
mbedtls_nist_kw_context ctx;
size_t result_len, i, padlen;
mbedtls_nist_kw_init(&ctx);
memset(result, '+', sizeof(result));
TEST_ASSERT(mbedtls_nist_kw_setkey(&ctx, cipher_id,
key->x, key->len * 8, 1) == 0);
/* Test with input == output */
TEST_ASSERT(mbedtls_nist_kw_wrap(&ctx, mode, msg->x, msg->len,
result, &result_len, sizeof(result)) == 0);
TEST_ASSERT(result_len == expected_result->len);
TEST_ASSERT(memcmp(expected_result->x, result, result_len) == 0);
padlen = (msg->len % 8 != 0) ? 8 - (msg->len % 8) : 0;
/* Check that the function didn't write beyond the end of the buffer. */
for (i = msg->len + 8 + padlen; i < sizeof(result); i++) {
TEST_ASSERT(result[i] == '+');
}
exit:
mbedtls_nist_kw_free(&ctx);
}
/* END_CASE */
/* BEGIN_CASE */
void mbedtls_nist_kw_unwrap(int cipher_id, int mode, data_t *key, data_t *msg,
data_t *expected_result, int expected_ret)
{
unsigned char result[528];
mbedtls_nist_kw_context ctx;
size_t result_len, i;
mbedtls_nist_kw_init(&ctx);
memset(result, '+', sizeof(result));
TEST_ASSERT(mbedtls_nist_kw_setkey(&ctx, cipher_id,
key->x, key->len * 8, 0) == 0);
/* Test with input == output */
TEST_ASSERT(mbedtls_nist_kw_unwrap(&ctx, mode, msg->x, msg->len,
result, &result_len, sizeof(result)) == expected_ret);
if (expected_ret == 0) {
TEST_ASSERT(result_len == expected_result->len);
TEST_ASSERT(memcmp(expected_result->x, result, result_len) == 0);
} else {
TEST_ASSERT(result_len == 0);
}
/* Check that the function didn't write beyond the end of the buffer. */
for (i = msg->len - 8; i < sizeof(result); i++) {
TEST_ASSERT(result[i] == '+');
}
exit:
mbedtls_nist_kw_free(&ctx);
}
/* END_CASE */