Unit testing: Add Monte Carlo testing to ciphers

Monte Carlo testing is randomized test data.
These new tests have random keys, IVs, nonce, etc and random data to
encrypt.
100 sets of random test data are encrypted and decrypted with a check to
ensure the input to encrypt is the same as the output of decrypt.
Tags are generated and checked in the calls to encrypt and decrypt.

Author: SparkiDev

tests/api/test_aes.c

@@ -55,6 +55,13 @@ int test_wc_AesEaxStream(void);
 int test_wc_AesSivEncryptDecrypt(void);
 #endif
 
+int test_wc_AesCbc_MonteCarlo(void);
+int test_wc_AesCtr_MonteCarlo(void);
+int test_wc_AesGcm_MonteCarlo(void);
+int test_wc_AesCcm_MonteCarlo(void);
+int test_wc_AesCfb_MonteCarlo(void);
+int test_wc_AesOfb_MonteCarlo(void);
+
 int test_wc_GmacSetKey(void);
 int test_wc_GmacUpdate(void);
 #if defined(WOLF_CRYPTO_CB) && defined(WOLF_CRYPTO_CB_AES_SETKEY) && \
@@ -91,7 +98,13 @@ int test_wc_CryptoCb_AesGcm_EncryptDecrypt(void);
     TEST_DECL_GROUP("aes", test_wc_AesCcmEncryptDecrypt),       \
     TEST_DECL_GROUP("aes", test_wc_AesXtsSetKey),               \
     TEST_DECL_GROUP("aes", test_wc_AesXtsEncryptDecrypt_Sizes), \
-    TEST_DECL_GROUP("aes", test_wc_AesXtsEncryptDecrypt) \
+    TEST_DECL_GROUP("aes", test_wc_AesXtsEncryptDecrypt), \
+    TEST_DECL_GROUP("aes", test_wc_AesCbc_MonteCarlo),    \
+    TEST_DECL_GROUP("aes", test_wc_AesCtr_MonteCarlo),    \
+    TEST_DECL_GROUP("aes", test_wc_AesGcm_MonteCarlo),    \
+    TEST_DECL_GROUP("aes", test_wc_AesCcm_MonteCarlo),    \
+    TEST_DECL_GROUP("aes", test_wc_AesCfb_MonteCarlo),    \
+    TEST_DECL_GROUP("aes", test_wc_AesOfb_MonteCarlo)     \
     TEST_CRYPTOCB_AES_SETKEY_DECL
 
 #if defined(WOLFSSL_AES_EAX) && defined(WOLFSSL_AES_256) && \

tests/api/test_aes.h

@@ -104,3 +104,64 @@ int test_wc_Arc4Process(void)
 
 } /* END test_wc_Arc4Process */
 
+
+#include <wolfssl/wolfcrypt/random.h>
+
+#define MC_CIPHER_TEST_COUNT 100
+#define MC_ARC4_MAX_DATA_SZ  1024
+#define MC_ARC4_KEY_SZ       16   /* fixed 128-bit key */
+
+/* Monte Carlo test for ARC4: random key and plaintext each iteration */
+int test_wc_Arc4_MonteCarlo(void)
+{
+    EXPECT_DECLS;
+#ifndef NO_RC4
+    Arc4 enc, dec;
+    WC_RNG rng;
+    byte key[MC_ARC4_KEY_SZ];
+    word32 plainLen = 0;
+    int i;
+    WC_DECLARE_VAR(plain,     byte, MC_ARC4_MAX_DATA_SZ, NULL);
+    WC_DECLARE_VAR(cipher,    byte, MC_ARC4_MAX_DATA_SZ, NULL);
+    WC_DECLARE_VAR(decrypted, byte, MC_ARC4_MAX_DATA_SZ, NULL);
+
+    WC_ALLOC_VAR(plain,     byte, MC_ARC4_MAX_DATA_SZ, NULL);
+    WC_ALLOC_VAR(cipher,    byte, MC_ARC4_MAX_DATA_SZ, NULL);
+    WC_ALLOC_VAR(decrypted, byte, MC_ARC4_MAX_DATA_SZ, NULL);
+#ifdef WC_DECLARE_VAR_IS_HEAP_ALLOC
+    ExpectNotNull(plain);
+    ExpectNotNull(cipher);
+    ExpectNotNull(decrypted);
+#endif
+
+    XMEMSET(&enc, 0, sizeof(enc));
+    XMEMSET(&dec, 0, sizeof(dec));
+    XMEMSET(&rng, 0, sizeof(rng));
+
+    ExpectIntEQ(wc_Arc4Init(&enc, NULL, INVALID_DEVID), 0);
+    ExpectIntEQ(wc_Arc4Init(&dec, NULL, INVALID_DEVID), 0);
+    ExpectIntEQ(wc_InitRng(&rng), 0);
+
+    for (i = 0; i < MC_CIPHER_TEST_COUNT && EXPECT_SUCCESS(); i++) {
+        ExpectIntEQ(wc_RNG_GenerateBlock(&rng, key, sizeof(key)), 0);
+        ExpectIntEQ(wc_RNG_GenerateBlock(&rng, (byte*)&plainLen,
+            sizeof(plainLen)), 0);
+        plainLen = (plainLen % MC_ARC4_MAX_DATA_SZ) + 1;
+        ExpectIntEQ(wc_RNG_GenerateBlock(&rng, plain, plainLen), 0);
+
+        ExpectIntEQ(wc_Arc4SetKey(&enc, key, sizeof(key)), 0);
+        ExpectIntEQ(wc_Arc4SetKey(&dec, key, sizeof(key)), 0);
+        ExpectIntEQ(wc_Arc4Process(&enc, cipher, plain, plainLen), 0);
+        ExpectIntEQ(wc_Arc4Process(&dec, decrypted, cipher, plainLen), 0);
+        ExpectBufEQ(decrypted, plain, plainLen);
+    }
+
+    wc_Arc4Free(&enc);
+    wc_Arc4Free(&dec);
+    wc_FreeRng(&rng);
+    WC_FREE_VAR(plain,     NULL);
+    WC_FREE_VAR(cipher,    NULL);
+    WC_FREE_VAR(decrypted, NULL);
+#endif
+    return EXPECT_RESULT();
+}

tests/api/test_arc4.c

@@ -26,9 +26,11 @@
 
 int test_wc_Arc4SetKey(void);
 int test_wc_Arc4Process(void);
+int test_wc_Arc4_MonteCarlo(void);
 
-#define TEST_ARC4_DECLS                             \
-    TEST_DECL_GROUP("arc4", test_wc_Arc4SetKey),    \
-    TEST_DECL_GROUP("arc4", test_wc_Arc4Process)
+#define TEST_ARC4_DECLS                                     \
+    TEST_DECL_GROUP("arc4", test_wc_Arc4SetKey),            \
+    TEST_DECL_GROUP("arc4", test_wc_Arc4Process),           \
+    TEST_DECL_GROUP("arc4", test_wc_Arc4_MonteCarlo)
 
 #endif /* WOLFCRYPT_TEST_ARC4_H */

tests/api/test_arc4.h

@@ -214,3 +214,70 @@ int test_wc_CamelliaCbcEncryptDecrypt(void)
     return EXPECT_RESULT();
 } /* END test_wc_CamelliaCbcEncryptDecrypt */
 
+
+#include <wolfssl/wolfcrypt/random.h>
+
+#define MC_CIPHER_TEST_COUNT    100
+#define MC_CAMELLIA_MAX_DATA_SZ 1024
+
+/* Monte Carlo test for Camellia-CBC: random key, IV, and plaintext each
+ * iteration */
+int test_wc_CamelliaCbc_MonteCarlo(void)
+{
+    EXPECT_DECLS;
+#ifdef HAVE_CAMELLIA
+    static const word32 keySizes[] = {16, 24, 32};
+    int numKeySizes = (int)(sizeof(keySizes) / sizeof(keySizes[0]));
+    wc_Camellia camellia;
+    WC_RNG rng;
+    byte key[32];
+    byte iv[WC_CAMELLIA_BLOCK_SIZE];
+    word32 plainLen = 0, keyLen;
+    int i;
+    WC_DECLARE_VAR(plain,     byte, MC_CAMELLIA_MAX_DATA_SZ, NULL);
+    WC_DECLARE_VAR(cipher,    byte, MC_CAMELLIA_MAX_DATA_SZ, NULL);
+    WC_DECLARE_VAR(decrypted, byte, MC_CAMELLIA_MAX_DATA_SZ, NULL);
+
+    WC_ALLOC_VAR(plain,     byte, MC_CAMELLIA_MAX_DATA_SZ, NULL);
+    WC_ALLOC_VAR(cipher,    byte, MC_CAMELLIA_MAX_DATA_SZ, NULL);
+    WC_ALLOC_VAR(decrypted, byte, MC_CAMELLIA_MAX_DATA_SZ, NULL);
+#ifdef WC_DECLARE_VAR_IS_HEAP_ALLOC
+    ExpectNotNull(plain);
+    ExpectNotNull(cipher);
+    ExpectNotNull(decrypted);
+#endif
+
+    XMEMSET(&camellia, 0, sizeof(camellia));
+    XMEMSET(&rng, 0, sizeof(rng));
+
+    ExpectIntEQ(wc_InitRng(&rng), 0);
+
+    for (i = 0; i < MC_CIPHER_TEST_COUNT && EXPECT_SUCCESS(); i++) {
+        keyLen = keySizes[i % numKeySizes];
+        ExpectIntEQ(wc_RNG_GenerateBlock(&rng, key, keyLen), 0);
+        ExpectIntEQ(wc_RNG_GenerateBlock(&rng, iv, sizeof(iv)), 0);
+        ExpectIntEQ(wc_RNG_GenerateBlock(&rng, (byte*)&plainLen,
+            sizeof(plainLen)), 0);
+        /* Length 1..1024, rounded up to Camellia block size */
+        plainLen = (plainLen % MC_CAMELLIA_MAX_DATA_SZ) + 1;
+        plainLen = (plainLen + WC_CAMELLIA_BLOCK_SIZE - 1) &
+                   ~((word32)WC_CAMELLIA_BLOCK_SIZE - 1);
+        ExpectIntEQ(wc_RNG_GenerateBlock(&rng, plain, plainLen), 0);
+
+        ExpectIntEQ(wc_CamelliaSetKey(&camellia, key, keyLen, iv), 0);
+        ExpectIntEQ(wc_CamelliaCbcEncrypt(&camellia, cipher, plain,
+            plainLen), 0);
+        /* Reset IV by calling SetKey again before decrypt */
+        ExpectIntEQ(wc_CamelliaSetKey(&camellia, key, keyLen, iv), 0);
+        ExpectIntEQ(wc_CamelliaCbcDecrypt(&camellia, decrypted, cipher,
+            plainLen), 0);
+        ExpectBufEQ(decrypted, plain, plainLen);
+    }
+
+    wc_FreeRng(&rng);
+    WC_FREE_VAR(plain,     NULL);
+    WC_FREE_VAR(cipher,    NULL);
+    WC_FREE_VAR(decrypted, NULL);
+#endif
+    return EXPECT_RESULT();
+}

tests/api/test_camellia.c

@@ -28,11 +28,13 @@ int test_wc_CamelliaSetKey(void);
 int test_wc_CamelliaSetIV(void);
 int test_wc_CamelliaEncryptDecryptDirect(void);
 int test_wc_CamelliaCbcEncryptDecrypt(void);
+int test_wc_CamelliaCbc_MonteCarlo(void);
 
 #define TEST_CAMELLIA_DECLS                                             \
     TEST_DECL_GROUP("camellia", test_wc_CamelliaSetKey),                \
     TEST_DECL_GROUP("camellia", test_wc_CamelliaSetIV),                 \
     TEST_DECL_GROUP("camellia", test_wc_CamelliaEncryptDecryptDirect),  \
-    TEST_DECL_GROUP("camellia", test_wc_CamelliaCbcEncryptDecrypt)
+    TEST_DECL_GROUP("camellia", test_wc_CamelliaCbcEncryptDecrypt),     \
+    TEST_DECL_GROUP("camellia", test_wc_CamelliaCbc_MonteCarlo)
 
 #endif /* WOLFCRYPT_TEST_CAMELLIA_H */

tests/api/test_camellia.h

@@ -372,3 +372,64 @@ int test_wc_Chacha_Process_Chunking(void)
 } /* END test_wc_Chacha_Process */
 
 
+
+#include <wolfssl/wolfcrypt/random.h>
+
+#define MC_CIPHER_TEST_COUNT 100
+#define MC_CHACHA_MAX_DATA_SZ 1024
+
+/* Monte Carlo test for ChaCha20: random key, IV, and plaintext each
+ * iteration */
+int test_wc_Chacha_MonteCarlo(void)
+{
+    EXPECT_DECLS;
+#ifdef HAVE_CHACHA
+    ChaCha enc, dec;
+    WC_RNG rng;
+    byte key[CHACHA_MAX_KEY_SZ];
+    byte nonce[CHACHA_IV_BYTES];
+    word32 plainLen = 0;
+    int i;
+    WC_DECLARE_VAR(plain,     byte, MC_CHACHA_MAX_DATA_SZ, NULL);
+    WC_DECLARE_VAR(cipher,    byte, MC_CHACHA_MAX_DATA_SZ, NULL);
+    WC_DECLARE_VAR(decrypted, byte, MC_CHACHA_MAX_DATA_SZ, NULL);
+
+    WC_ALLOC_VAR(plain,     byte, MC_CHACHA_MAX_DATA_SZ, NULL);
+    WC_ALLOC_VAR(cipher,    byte, MC_CHACHA_MAX_DATA_SZ, NULL);
+    WC_ALLOC_VAR(decrypted, byte, MC_CHACHA_MAX_DATA_SZ, NULL);
+#ifdef WC_DECLARE_VAR_IS_HEAP_ALLOC
+    ExpectNotNull(plain);
+    ExpectNotNull(cipher);
+    ExpectNotNull(decrypted);
+#endif
+
+    XMEMSET(&enc, 0, sizeof(enc));
+    XMEMSET(&dec, 0, sizeof(dec));
+    XMEMSET(&rng, 0, sizeof(rng));
+
+    ExpectIntEQ(wc_InitRng(&rng), 0);
+
+    for (i = 0; i < MC_CIPHER_TEST_COUNT && EXPECT_SUCCESS(); i++) {
+        ExpectIntEQ(wc_RNG_GenerateBlock(&rng, key, sizeof(key)), 0);
+        ExpectIntEQ(wc_RNG_GenerateBlock(&rng, nonce, sizeof(nonce)), 0);
+        ExpectIntEQ(wc_RNG_GenerateBlock(&rng, (byte*)&plainLen,
+            sizeof(plainLen)), 0);
+        plainLen = (plainLen % MC_CHACHA_MAX_DATA_SZ) + 1;
+        ExpectIntEQ(wc_RNG_GenerateBlock(&rng, plain, plainLen), 0);
+
+        ExpectIntEQ(wc_Chacha_SetKey(&enc, key, sizeof(key)), 0);
+        ExpectIntEQ(wc_Chacha_SetKey(&dec, key, sizeof(key)), 0);
+        ExpectIntEQ(wc_Chacha_SetIV(&enc, nonce, 0), 0);
+        ExpectIntEQ(wc_Chacha_SetIV(&dec, nonce, 0), 0);
+        ExpectIntEQ(wc_Chacha_Process(&enc, cipher, plain, plainLen), 0);
+        ExpectIntEQ(wc_Chacha_Process(&dec, decrypted, cipher, plainLen), 0);
+        ExpectBufEQ(decrypted, plain, plainLen);
+    }
+
+    wc_FreeRng(&rng);
+    WC_FREE_VAR(plain,     NULL);
+    WC_FREE_VAR(cipher,    NULL);
+    WC_FREE_VAR(decrypted, NULL);
+#endif
+    return EXPECT_RESULT();
+}

tests/api/test_chacha.c

@@ -27,10 +27,12 @@
 int test_wc_Chacha_SetKey(void);
 int test_wc_Chacha_Process(void);
 int test_wc_Chacha_Process_Chunking(void);
+int test_wc_Chacha_MonteCarlo(void);
 
-#define TEST_CHACHA_DECLS                                       \
-    TEST_DECL_GROUP("chacha", test_wc_Chacha_SetKey),           \
-    TEST_DECL_GROUP("chacha", test_wc_Chacha_Process),          \
-    TEST_DECL_GROUP("chacha", test_wc_Chacha_Process_Chunking)
+#define TEST_CHACHA_DECLS                                           \
+    TEST_DECL_GROUP("chacha", test_wc_Chacha_SetKey),               \
+    TEST_DECL_GROUP("chacha", test_wc_Chacha_Process),              \
+    TEST_DECL_GROUP("chacha", test_wc_Chacha_Process_Chunking),     \
+    TEST_DECL_GROUP("chacha", test_wc_Chacha_MonteCarlo)
 
 #endif /* WOLFCRYPT_TEST_CHACHA_H */

tests/api/test_chacha.h

@@ -283,3 +283,60 @@ int test_wc_XChaCha20Poly1305_aead(void)
 #endif
     return EXPECT_RESULT();
 } /* END test_wc_XChaCha20Poly1305_aead */
+
+#include <wolfssl/wolfcrypt/random.h>
+
+#define MC_CIPHER_TEST_COUNT     100
+#define MC_CHACHA20P1305_MAX_SZ  1024
+
+/* Monte Carlo test for ChaCha20-Poly1305: random key, nonce, and plaintext
+ * each iteration */
+int test_wc_ChaCha20Poly1305_MonteCarlo(void)
+{
+    EXPECT_DECLS;
+#if defined(HAVE_CHACHA) && defined(HAVE_POLY1305)
+    WC_RNG rng;
+    byte key[CHACHA20_POLY1305_AEAD_KEYSIZE];
+    byte nonce[CHACHA20_POLY1305_AEAD_IV_SIZE];
+    byte tag[CHACHA20_POLY1305_AEAD_AUTHTAG_SIZE];
+    word32 plainLen = 0;
+    int i;
+    WC_DECLARE_VAR(plain,     byte, MC_CHACHA20P1305_MAX_SZ, NULL);
+    WC_DECLARE_VAR(cipher,    byte, MC_CHACHA20P1305_MAX_SZ, NULL);
+    WC_DECLARE_VAR(decrypted, byte, MC_CHACHA20P1305_MAX_SZ, NULL);
+
+    WC_ALLOC_VAR(plain,     byte, MC_CHACHA20P1305_MAX_SZ, NULL);
+    WC_ALLOC_VAR(cipher,    byte, MC_CHACHA20P1305_MAX_SZ, NULL);
+    WC_ALLOC_VAR(decrypted, byte, MC_CHACHA20P1305_MAX_SZ, NULL);
+#ifdef WC_DECLARE_VAR_IS_HEAP_ALLOC
+    ExpectNotNull(plain);
+    ExpectNotNull(cipher);
+    ExpectNotNull(decrypted);
+#endif
+
+    XMEMSET(&rng, 0, sizeof(rng));
+
+    ExpectIntEQ(wc_InitRng(&rng), 0);
+
+    for (i = 0; i < MC_CIPHER_TEST_COUNT && EXPECT_SUCCESS(); i++) {
+        ExpectIntEQ(wc_RNG_GenerateBlock(&rng, key, sizeof(key)), 0);
+        ExpectIntEQ(wc_RNG_GenerateBlock(&rng, nonce, sizeof(nonce)), 0);
+        ExpectIntEQ(wc_RNG_GenerateBlock(&rng, (byte*)&plainLen,
+            sizeof(plainLen)), 0);
+        plainLen = (plainLen % MC_CHACHA20P1305_MAX_SZ) + 1;
+        ExpectIntEQ(wc_RNG_GenerateBlock(&rng, plain, plainLen), 0);
+
+        ExpectIntEQ(wc_ChaCha20Poly1305_Encrypt(key, nonce, NULL, 0,
+            plain, plainLen, cipher, tag), 0);
+        ExpectIntEQ(wc_ChaCha20Poly1305_Decrypt(key, nonce, NULL, 0,
+            cipher, plainLen, tag, decrypted), 0);
+        ExpectBufEQ(decrypted, plain, plainLen);
+    }
+
+    wc_FreeRng(&rng);
+    WC_FREE_VAR(plain,     NULL);
+    WC_FREE_VAR(cipher,    NULL);
+    WC_FREE_VAR(decrypted, NULL);
+#endif
+    return EXPECT_RESULT();
+}

tests/api/test_chacha20_poly1305.c

@@ -26,9 +26,11 @@
 
 int test_wc_ChaCha20Poly1305_aead(void);
 int test_wc_XChaCha20Poly1305_aead(void);
+int test_wc_ChaCha20Poly1305_MonteCarlo(void);
 
-#define TEST_CHACHA20_POLY1305_DECLS                                     \
-    TEST_DECL_GROUP("chacha20-poly1305", test_wc_ChaCha20Poly1305_aead), \
-    TEST_DECL_GROUP("xchacha20-poly1305", test_wc_XChaCha20Poly1305_aead)
+#define TEST_CHACHA20_POLY1305_DECLS                                             \
+    TEST_DECL_GROUP("chacha20-poly1305", test_wc_ChaCha20Poly1305_aead),         \
+    TEST_DECL_GROUP("xchacha20-poly1305", test_wc_XChaCha20Poly1305_aead),       \
+    TEST_DECL_GROUP("chacha20-poly1305", test_wc_ChaCha20Poly1305_MonteCarlo)
 
 #endif /* WOLFCRYPT_TEST_CHACHA20_POLY1305_H */