yuzu/externals/mbedtls/tests/suites/test_suite_chachapoly.function

/* BEGIN_HEADER */
#include "mbedtls/chachapoly.h"
/* END_HEADER */

/* BEGIN_DEPENDENCIES
 * depends_on:MBEDTLS_CHACHAPOLY_C
 * END_DEPENDENCIES
 */

/* BEGIN_CASE */
void mbedtls_chachapoly_enc( data_t *key_str, data_t *nonce_str, data_t *aad_str, data_t *input_str, data_t *output_str, data_t *mac_str )
{
    unsigned char output[265];
    unsigned char mac[16]; /* size set by the standard */
    mbedtls_chachapoly_context ctx;

    TEST_ASSERT( key_str->len   == 32 );
    TEST_ASSERT( nonce_str->len == 12 );
    TEST_ASSERT( mac_str->len   == 16 );

    mbedtls_chachapoly_init( &ctx );

    TEST_ASSERT( mbedtls_chachapoly_setkey( &ctx, key_str->x ) == 0 );

    TEST_ASSERT( mbedtls_chachapoly_encrypt_and_tag( &ctx,
                                      input_str->len, nonce_str->x,
                                      aad_str->x, aad_str->len,
                                      input_str->x, output, mac ) == 0 );

    TEST_ASSERT( memcmp( output_str->x, output, output_str->len ) == 0 );
    TEST_ASSERT( memcmp( mac_str->x, mac, 16U ) == 0 );

exit:
    mbedtls_chachapoly_free( &ctx );
}
/* END_CASE */

/* BEGIN_CASE */
void mbedtls_chachapoly_dec( data_t *key_str, data_t *nonce_str, data_t *aad_str, data_t *input_str, data_t *output_str, data_t *mac_str, int ret_exp )
{
    unsigned char output[265];
    int ret;
    mbedtls_chachapoly_context ctx;

    TEST_ASSERT( key_str->len   == 32 );
    TEST_ASSERT( nonce_str->len == 12 );
    TEST_ASSERT( mac_str->len   == 16 );

    mbedtls_chachapoly_init( &ctx );

    TEST_ASSERT( mbedtls_chachapoly_setkey( &ctx, key_str->x ) == 0 );

    ret = mbedtls_chachapoly_auth_decrypt( &ctx,
                                           input_str->len, nonce_str->x,
                                           aad_str->x, aad_str->len,
                                           mac_str->x, input_str->x, output );

    TEST_ASSERT( ret == ret_exp );
    if( ret_exp == 0 )
    {
        TEST_ASSERT( memcmp( output_str->x, output, output_str->len ) == 0 );
    }

exit:
    mbedtls_chachapoly_free( &ctx );
}
/* END_CASE */

/* BEGIN_CASE depends_on:MBEDTLS_CHECK_PARAMS:!MBEDTLS_PARAM_FAILED_ALT */
void chachapoly_bad_params()
{
    unsigned char key[32];
    unsigned char nonce[12];
    unsigned char aad[1];
    unsigned char input[1];
    unsigned char output[1];
    unsigned char mac[16];
    size_t input_len = sizeof( input );
    size_t aad_len = sizeof( aad );
    mbedtls_chachapoly_context ctx;

    memset( key,    0x00, sizeof( key ) );
    memset( nonce,  0x00, sizeof( nonce ) );
    memset( aad,    0x00, sizeof( aad ) );
    memset( input,  0x00, sizeof( input ) );
    memset( output, 0x00, sizeof( output ) );
    memset( mac,    0x00, sizeof( mac ) );

    TEST_INVALID_PARAM( mbedtls_chachapoly_init( NULL ) );
    TEST_VALID_PARAM( mbedtls_chachapoly_free( NULL ) );

    /* setkey */
    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA,
                            mbedtls_chachapoly_setkey( NULL, key ) );
    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA,
                            mbedtls_chachapoly_setkey( &ctx, NULL ) );

    /* encrypt_and_tag */
    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA,
                            mbedtls_chachapoly_encrypt_and_tag( NULL,
                                      0, nonce,
                                      aad, 0,
                                      input, output, mac ) );
    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA,
                            mbedtls_chachapoly_encrypt_and_tag( &ctx,
                                      0, NULL,
                                      aad, 0,
                                      input, output, mac ) );
    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA,
                            mbedtls_chachapoly_encrypt_and_tag( &ctx,
                                      0, nonce,
                                      NULL, aad_len,
                                      input, output, mac ) );
    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA,
                            mbedtls_chachapoly_encrypt_and_tag( &ctx,
                                      input_len, nonce,
                                      aad, 0,
                                      NULL, output, mac ) );
    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA,
                            mbedtls_chachapoly_encrypt_and_tag( &ctx,
                                      input_len, nonce,
                                      aad, 0,
                                      input, NULL, mac ) );
    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA,
                            mbedtls_chachapoly_encrypt_and_tag( &ctx,
                                      0, nonce,
                                      aad, 0,
                                      input, output, NULL ) );

    /* auth_decrypt */
    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA,
                            mbedtls_chachapoly_auth_decrypt( NULL,
                                           0, nonce,
                                           aad, 0,
                                           mac, input, output ) );
    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA,
                            mbedtls_chachapoly_auth_decrypt( &ctx,
                                           0, NULL,
                                           aad, 0,
                                           mac, input, output ) );
    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA,
                            mbedtls_chachapoly_auth_decrypt( &ctx,
                                           0, nonce,
                                           NULL, aad_len,
                                           mac, input, output ) );
    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA,
                            mbedtls_chachapoly_auth_decrypt( &ctx,
                                           0, nonce,
                                           aad, 0,
                                           NULL, input, output ) );
    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA,
                            mbedtls_chachapoly_auth_decrypt( &ctx,
                                           input_len, nonce,
                                           aad, 0,
                                           mac, NULL, output ) );
    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA,
                            mbedtls_chachapoly_auth_decrypt( &ctx,
                                           input_len, nonce,
                                           aad, 0,
                                           mac, input, NULL ) );

    /* starts */
    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA,
                            mbedtls_chachapoly_starts( NULL, nonce,
                                               MBEDTLS_CHACHAPOLY_ENCRYPT ) );
    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA,
                            mbedtls_chachapoly_starts( &ctx, NULL,
                                               MBEDTLS_CHACHAPOLY_ENCRYPT ) );

    /* update_aad */
    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA,
                            mbedtls_chachapoly_update_aad( NULL, aad,
                                                           aad_len ) );
    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA,
                            mbedtls_chachapoly_update_aad( &ctx, NULL,
                                                           aad_len ) );

    /* update */
    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA,
                            mbedtls_chachapoly_update( NULL, input_len,
                                                       input, output ) );
    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA,
                            mbedtls_chachapoly_update( &ctx, input_len,
                                                       NULL, output ) );
    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA,
                            mbedtls_chachapoly_update( &ctx, input_len,
                                                       input, NULL ) );

    /* finish */
    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA,
                            mbedtls_chachapoly_finish( NULL, mac ) );
    TEST_INVALID_PARAM_RET( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA,
                            mbedtls_chachapoly_finish( &ctx, NULL ) );

exit:
    return;
}
/* END_CASE */

/* BEGIN_CASE */
void chachapoly_state()
{
    unsigned char key[32];
    unsigned char nonce[12];
    unsigned char aad[1];
    unsigned char input[1];
    unsigned char output[1];
    unsigned char mac[16];
    size_t input_len = sizeof( input );
    size_t aad_len = sizeof( aad );
    mbedtls_chachapoly_context ctx;

    memset( key,    0x00, sizeof( key ) );
    memset( nonce,  0x00, sizeof( nonce ) );
    memset( aad,    0x00, sizeof( aad ) );
    memset( input,  0x00, sizeof( input ) );
    memset( output, 0x00, sizeof( output ) );
    memset( mac,    0x00, sizeof( mac ) );

    /* Initial state: finish, update, update_aad forbidden */
    mbedtls_chachapoly_init( &ctx );

    TEST_ASSERT( mbedtls_chachapoly_finish( &ctx, mac )
                 == MBEDTLS_ERR_CHACHAPOLY_BAD_STATE );
    TEST_ASSERT( mbedtls_chachapoly_update( &ctx, input_len, input, output )
                 == MBEDTLS_ERR_CHACHAPOLY_BAD_STATE );
    TEST_ASSERT( mbedtls_chachapoly_update_aad( &ctx, aad, aad_len )
                 == MBEDTLS_ERR_CHACHAPOLY_BAD_STATE );

    /* Still initial state: finish, update, update_aad forbidden */
    TEST_ASSERT( mbedtls_chachapoly_setkey( &ctx, key )
                 == 0 );

    TEST_ASSERT( mbedtls_chachapoly_finish( &ctx, mac )
                 == MBEDTLS_ERR_CHACHAPOLY_BAD_STATE );
    TEST_ASSERT( mbedtls_chachapoly_update( &ctx, input_len, input, output )
                 == MBEDTLS_ERR_CHACHAPOLY_BAD_STATE );
    TEST_ASSERT( mbedtls_chachapoly_update_aad( &ctx, aad, aad_len )
                 == MBEDTLS_ERR_CHACHAPOLY_BAD_STATE );

    /* Starts -> finish OK */
    TEST_ASSERT( mbedtls_chachapoly_starts( &ctx, nonce, MBEDTLS_CHACHAPOLY_ENCRYPT )
                 == 0 );
    TEST_ASSERT( mbedtls_chachapoly_finish( &ctx, mac )
                 == 0 );

    /* After finish: update, update_aad forbidden */
    TEST_ASSERT( mbedtls_chachapoly_update( &ctx, input_len, input, output )
                 == MBEDTLS_ERR_CHACHAPOLY_BAD_STATE );
    TEST_ASSERT( mbedtls_chachapoly_update_aad( &ctx, aad, aad_len )
                 == MBEDTLS_ERR_CHACHAPOLY_BAD_STATE );

    /* Starts -> update* OK */
    TEST_ASSERT( mbedtls_chachapoly_starts( &ctx, nonce, MBEDTLS_CHACHAPOLY_ENCRYPT )
                 == 0 );
    TEST_ASSERT( mbedtls_chachapoly_update( &ctx, input_len, input, output )
                 == 0 );
    TEST_ASSERT( mbedtls_chachapoly_update( &ctx, input_len, input, output )
                 == 0 );

    /* After update: update_aad forbidden */
    TEST_ASSERT( mbedtls_chachapoly_update_aad( &ctx, aad, aad_len )
                 == MBEDTLS_ERR_CHACHAPOLY_BAD_STATE );

    /* Starts -> update_aad* -> finish OK */
    TEST_ASSERT( mbedtls_chachapoly_starts( &ctx, nonce, MBEDTLS_CHACHAPOLY_ENCRYPT )
                 == 0 );
    TEST_ASSERT( mbedtls_chachapoly_update_aad( &ctx, aad, aad_len )
                 == 0 );
    TEST_ASSERT( mbedtls_chachapoly_update_aad( &ctx, aad, aad_len )
                 == 0 );
    TEST_ASSERT( mbedtls_chachapoly_finish( &ctx, mac )
                 == 0 );

exit:
    mbedtls_chachapoly_free( &ctx );
}
/* END_CASE */

/* BEGIN_CASE depends_on:MBEDTLS_SELF_TEST */
void chachapoly_selftest()
{
    TEST_ASSERT( mbedtls_chachapoly_self_test( 1 ) == 0 );
}
/* END_CASE */