Merge pull request #12038 from cladmi/pr/tests/crypto/add_rfc_nist_tests

tests/sys_crypto: add RFC3610 and NIST SP 800-38C tests

tests/sys_crypto/Makefile

@@ -0,0 +1,32 @@
+include ../Makefile.tests_common
+
+# Issue with integer width
+BOARD_BLACKLIST += arduino-duemilanove
+BOARD_BLACKLIST += arduino-leonardo
+BOARD_BLACKLIST += arduino-mega2560
+BOARD_BLACKLIST += arduino-nano
+BOARD_BLACKLIST += arduino-uno
+BOARD_BLACKLIST += chronos
+BOARD_BLACKLIST += jiminy-mega256rfr2
+BOARD_BLACKLIST += mega-xplained
+BOARD_BLACKLIST += msb-430
+BOARD_BLACKLIST += msb-430h
+BOARD_BLACKLIST += telosb
+BOARD_BLACKLIST += waspmote-pro
+BOARD_BLACKLIST += wsn430-v1_3b
+BOARD_BLACKLIST += wsn430-v1_4
+BOARD_BLACKLIST += z1
+
+BOARD_INSUFFICIENT_MEMORY += nucleo-f031k6
+BOARD_INSUFFICIENT_MEMORY += nucleo-f042k6
+BOARD_INSUFFICIENT_MEMORY += nucleo-l031k6
+
+USEMODULE += embunit
+
+USEMODULE += crypto
+USEMODULE += cipher_modes
+CFLAGS += -DCRYPTO_THREEDES
+
+TEST_ON_CI_WHITELIST += all
+
+include $(RIOTBASE)/Makefile.include

tests/sys_crypto/main.c

@@ -9,8 +9,9 @@
 
 #include "tests-crypto.h"
 
-void tests_crypto(void)
+int main(void)
 {
+    TESTS_START();
     TESTS_RUN(tests_crypto_helper_tests());
     TESTS_RUN(tests_crypto_chacha_tests());
     TESTS_RUN(tests_crypto_poly1305_tests());
@@ -22,4 +23,6 @@ void tests_crypto(void)
     TESTS_RUN(tests_crypto_modes_ecb_tests());
     TESTS_RUN(tests_crypto_modes_cbc_tests());
     TESTS_RUN(tests_crypto_modes_ctr_tests());
+    TESTS_END();
+    return 0;
 }

tests/sys_crypto/tests-crypto.h

@@ -28,11 +28,6 @@
 extern "C" {
 #endif
 
-/**
- * @brief   The entry point of this test suite.
- */
-void tests_crypto(void);
-
 /**
  * @brief   Generates tests for helper functions
  *

tests/sys_crypto/tests/01-run.py

@@ -0,0 +1,18 @@
+#!/usr/bin/env python3
+
+# Copyright (C) 2019 Freie Universität Berlin
+#
+# This file is subject to the terms and conditions of the GNU Lesser
+# General Public License v2.1. See the file LICENSE in the top level
+# directory for more details.
+
+import sys
+from testrunner import run
+
+
+def testfunc(child):
+    child.expect(r'OK \(\d+ tests\)')
+
+
+if __name__ == "__main__":
+    sys.exit(run(testfunc))

tests/unittests/tests-crypto/Makefile

@@ -1 +0,0 @@
-include $(RIOTBASE)/Makefile.base

tests/unittests/tests-crypto/Makefile.include

@@ -1,3 +0,0 @@
-USEMODULE += crypto
-USEMODULE += cipher_modes
-CFLAGS += -DCRYPTO_THREEDES

tests/unittests/tests-crypto/tests-crypto-modes-ccm.c

@@ -1,268 +0,0 @@
-/*
- * Copyright (C) 2015 Nico von Geyso
- *
- * This file is subject to the terms and conditions of the GNU Lesser
- * General Public License v2.1. See the file LICENSE in the top level
- * directory for more details.
- */
-
-#include <limits.h>
-
-#include <stdlib.h>
-#include <stdio.h>
-#include <string.h>
-
-#include "embUnit.h"
-#include "crypto/ciphers.h"
-#include "crypto/modes/ccm.h"
-#include "tests-crypto.h"
-
-static const size_t nonce_and_len_encoding_size = 15;
-
-/* PACKET VECTOR #1 (RFC 3610 - Page 10) */
-static const uint8_t TEST_1_KEY[] = {
-    0xC0, 0xC1, 0xC2, 0xC3, 0xC4, 0xC5, 0xC6, 0xC7,
-    0xC8, 0xC9, 0xCA, 0xCB, 0xCC, 0xCD, 0xCE, 0xCF
-};
-static const size_t TEST_1_KEY_LEN = 16;
-
-static const uint8_t TEST_1_NONCE[] = {
-    0x00, 0x00, 0x00, 0x03, 0x02, 0x01, 0x00, 0xA0,
-    0xA1, 0xA2, 0xA3, 0xA4, 0xA5
-};
-static const size_t TEST_1_NONCE_LEN = 13;
-
-static const size_t TEST_1_MAC_LEN = 8;
-
-static const uint8_t TEST_1_INPUT[] = {
-    0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, /* additional auth data */
-    0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F, /* input */
-    0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, /* input */
-    0x18, 0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E        /* input */
-};
-static const size_t TEST_1_INPUT_LEN = 23;
-static const size_t TEST_1_ADATA_LEN = 8;
-
-static const uint8_t TEST_1_EXPECTED[] = {
-    0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
-    0x58, 0x8C, 0x97, 0x9A, 0x61, 0xC6, 0x63, 0xD2,
-    0xF0, 0x66, 0xD0, 0xC2, 0xC0, 0xF9, 0x89, 0x80,
-    0x6D, 0x5F, 0x6B, 0x61, 0xDA, 0xC3, 0x84, 0x17,
-    0xE8, 0xD1, 0x2C, 0xFD, 0xF9, 0x26, 0xE0
-};
-static const size_t TEST_1_EXPECTED_LEN = 39;
-
-/* PACKET VECTOR #2 (RFC 3610 - Page 10) */
-static const uint8_t TEST_2_KEY[] = {
-    0xC0, 0xC1, 0xC2, 0xC3, 0xC4, 0xC5, 0xC6, 0xC7,
-    0xC8, 0xC9, 0xCA, 0xCB, 0xCC, 0xCD, 0xCE, 0xCF
-};
-static const size_t TEST_2_KEY_LEN = 16;
-
-static const uint8_t TEST_2_NONCE[] = {
-    0x00, 0x00, 0x00, 0x04, 0x03, 0x02, 0x01, 0xA0,
-    0xA1, 0xA2, 0xA3, 0xA4, 0xA5
-};
-static const size_t TEST_2_NONCE_LEN = 13;
-
-static const size_t TEST_2_MAC_LEN = 8;
-
-static const uint8_t TEST_2_INPUT[] = {
-    0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
-    0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F,
-    0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
-    0x18, 0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F
-};
-static const size_t TEST_2_INPUT_LEN = 24;
-static const size_t TEST_2_ADATA_LEN = 8;
-
-static const uint8_t TEST_2_EXPECTED[] = {
-    0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
-    0x72, 0xC9, 0x1A, 0x36, 0xE1, 0x35, 0xF8, 0xCF,
-    0x29, 0x1C, 0xA8, 0x94, 0x08, 0x5C, 0x87, 0xE3,
-    0xCC, 0x15, 0xC4, 0x39, 0xC9, 0xE4, 0x3A, 0x3B,
-    0xA0, 0x91, 0xD5, 0x6E, 0x10, 0x40, 0x09, 0x16
-};
-static const size_t TEST_2_EXPECTED_LEN = 40;
-
-/* Share test buffer output */
-static uint8_t data[60];
-
-static void test_encrypt_op(const uint8_t* key, uint8_t key_len,
-                            const uint8_t* adata, size_t adata_len,
-                            const uint8_t* nonce, uint8_t nonce_len,
-                            const uint8_t* plain, size_t plain_len,
-                            const uint8_t* output_expected,
-                            size_t output_expected_len,
-                            uint8_t mac_length)
-{
-    cipher_t cipher;
-    int len, err, cmp;
-    size_t len_encoding = nonce_and_len_encoding_size - nonce_len;
-
-    TEST_ASSERT_MESSAGE(sizeof(data) >= output_expected_len,
-                        "Output buffer too small");
-
-    err = cipher_init(&cipher, CIPHER_AES_128, key, key_len);
-    TEST_ASSERT_EQUAL_INT(1, err);
-
-    len = cipher_encrypt_ccm(&cipher, adata, adata_len,
-                             mac_length, len_encoding,
-                             nonce, nonce_len, plain, plain_len, data);
-    TEST_ASSERT_MESSAGE(len > 0, "Encryption failed");
-
-    TEST_ASSERT_EQUAL_INT(output_expected_len, len);
-    cmp = compare(output_expected, data, len);
-    TEST_ASSERT_MESSAGE(1 == cmp , "wrong ciphertext");
-
-}
-
-static void test_decrypt_op(const uint8_t* key, uint8_t key_len,
-                            const uint8_t* adata, size_t adata_len,
-                            const uint8_t* nonce, uint8_t nonce_len,
-                            const uint8_t* encrypted, size_t encrypted_len,
-                            const uint8_t* output_expected,
-                            size_t output_expected_len,
-                            uint8_t mac_length)
-{
-    cipher_t cipher;
-    int len, err, cmp;
-    size_t len_encoding = nonce_and_len_encoding_size - nonce_len;
-
-    TEST_ASSERT_MESSAGE(sizeof(data) >= output_expected_len,
-                        "Output buffer too small");
-
-    err = cipher_init(&cipher, CIPHER_AES_128, key, key_len);
-    TEST_ASSERT_EQUAL_INT(1, err);
-
-    len = cipher_decrypt_ccm(&cipher, adata, adata_len,
-                             mac_length, len_encoding,
-                             nonce, nonce_len, encrypted, encrypted_len, data);
-    TEST_ASSERT_MESSAGE(len > 0, "Decryption failed");
-
-    TEST_ASSERT_EQUAL_INT(output_expected_len, len);
-    cmp = compare(output_expected, data, len);
-    TEST_ASSERT_MESSAGE(1 == cmp , "wrong ciphertext");
-
-}
-
-#define do_test_encrypt_op(name) do { \
-    test_encrypt_op(TEST_##name##_KEY, TEST_##name##_KEY_LEN, \
-                    TEST_##name##_INPUT, TEST_##name##_ADATA_LEN, \
-                    TEST_##name##_NONCE, TEST_##name##_NONCE_LEN, \
-                    \
-                    TEST_##name##_INPUT + TEST_##name##_ADATA_LEN, \
-                    TEST_##name##_INPUT_LEN, \
-                    \
-                    TEST_##name##_EXPECTED + TEST_##name##_ADATA_LEN, \
-                    TEST_##name##_EXPECTED_LEN - TEST_##name##_ADATA_LEN, \
-                    \
-                    TEST_##name##_MAC_LEN \
-                    ); \
-} while (0)
-
-
-static void test_crypto_modes_ccm_encrypt(void)
-{
-    do_test_encrypt_op(1);
-    do_test_encrypt_op(2);
-}
-
-#define do_test_decrypt_op(name) do { \
-    test_decrypt_op(TEST_##name##_KEY, TEST_##name##_KEY_LEN, \
-                    TEST_##name##_INPUT, TEST_##name##_ADATA_LEN, \
-                    TEST_##name##_NONCE, TEST_##name##_NONCE_LEN, \
-                    \
-                    TEST_##name##_EXPECTED + TEST_##name##_ADATA_LEN, \
-                    TEST_##name##_EXPECTED_LEN - TEST_##name##_ADATA_LEN, \
-                    \
-                    TEST_##name##_INPUT + TEST_##name##_ADATA_LEN, \
-                    TEST_##name##_INPUT_LEN, \
-                    \
-                    TEST_##name##_MAC_LEN \
-                    ); \
-} while (0)
-
-static void test_crypto_modes_ccm_decrypt(void)
-{
-    do_test_decrypt_op(1);
-    do_test_decrypt_op(2);
-}
-
-
-typedef int (*func_ccm_t)(cipher_t*, const uint8_t*, uint32_t,
-                          uint8_t, uint8_t, const uint8_t*, size_t,
-                          const uint8_t*, size_t, uint8_t*);
-
-static int _test_ccm_len(func_ccm_t func, uint8_t len_encoding,
-                         const uint8_t *input, size_t input_len, size_t adata_len)
-{
-    int ret;
-    cipher_t cipher;
-    uint8_t mac_length = 8;
-    uint8_t nonce[15] = {0};
-    uint8_t key[16] = {0};
-
-    uint8_t nonce_len = nonce_and_len_encoding_size - len_encoding;
-    cipher_init(&cipher, CIPHER_AES_128, key, 16);
-
-    ret = func(&cipher, NULL, adata_len, mac_length, len_encoding,
-               nonce, nonce_len, input, input_len, data);
-    return ret;
-}
-
-
-/* Test length checking in ccm functions. */
-static void test_crypto_modes_ccm_check_len(void)
-{
-    int ret;
-    /* Just 1 to big to fit */
-    ret = _test_ccm_len(cipher_encrypt_ccm, 2, NULL, 1 << 16, 0);
-    TEST_ASSERT_EQUAL_INT(CCM_ERR_INVALID_LENGTH_ENCODING, ret);
-    ret = _test_ccm_len(cipher_decrypt_ccm, 2, NULL, 1 << 16, 0);
-    TEST_ASSERT_EQUAL_INT(CCM_ERR_INVALID_LENGTH_ENCODING, ret);
-
-    /* adata_len should not change the result (was wrong in previous implem) */
-    ret = _test_ccm_len(cipher_encrypt_ccm, 2, NULL, 1 << 16, 65535);
-    TEST_ASSERT_EQUAL_INT(CCM_ERR_INVALID_LENGTH_ENCODING, ret);
-    ret = _test_ccm_len(cipher_decrypt_ccm, 2, NULL, 1 << 16, 65535);
-    TEST_ASSERT_EQUAL_INT(CCM_ERR_INVALID_LENGTH_ENCODING, ret);
-
-    /* Valid length that were wrongly checked */
-    /* Check should work with len_encoding >= 4, test with 8 */
-    uint8_t input[8];
-    ret = _test_ccm_len(cipher_encrypt_ccm, 8, input, 8, 0);
-    TEST_ASSERT_MESSAGE(ret > 0, "Encryption : failed with valid input_len");
-
-    /* einput is encrypted value for
-     * - 8 * 0 input
-     * - All 0 nonce and key
-     * - adata_len == 0
-     * - mac_len == 8 and len_encoding = 8
-     */
-    uint8_t einput[16] = {
-        0xa2, 0x46, 0x75, 0xfc, 0x5f, 0x1b, 0x01, 0x37,
-        0x8a, 0x85, 0xd7, 0xf8, 0x42, 0x82, 0x6a, 0x63,
-    };
-
-    ret = _test_ccm_len(cipher_decrypt_ccm, 8, einput, 16, 0);
-    TEST_ASSERT_MESSAGE(ret > 0, "Decryption : failed with valid input_len");
-
-    /* ccm library does not support auth_data_len > 0xFEFF */
-    ret = _test_ccm_len(cipher_encrypt_ccm, 2, NULL, 0, 0xFEFF + 1);
-    TEST_ASSERT_EQUAL_INT(-1, ret);
-}
-
-
-Test* tests_crypto_modes_ccm_tests(void)
-{
-    EMB_UNIT_TESTFIXTURES(fixtures) {
-        new_TestFixture(test_crypto_modes_ccm_encrypt),
-        new_TestFixture(test_crypto_modes_ccm_decrypt),
-        new_TestFixture(test_crypto_modes_ccm_check_len),
-    };
-
-    EMB_UNIT_TESTCALLER(crypto_modes_ccm_tests, NULL, NULL, fixtures);
-
-    return (Test*)&crypto_modes_ccm_tests;
-}