Gitiles
Code Review Sign In
git01.mediatek.com / filogic / uboot / 0344c602eadc0802776b65ff90f0a02c856cf53c / . / tests / suites / test_suite_ccm.function
blob: dbb313b93983e1a2341ba72ab71aae5ebf2dcc88 [file] [log] [blame]
Tom Rini0344c602024-10-08 13:56:50 -0600[diff] [blame^]1/* BEGIN_HEADER */
2#include "mbedtls/ccm.h"
3
4/* Use the multipart interface to process the encrypted data in two parts
5 * and check that the output matches the expected output.
6 * The context must have been set up with the key. */
7static int check_multipart(mbedtls_ccm_context *ctx,
8 int mode,
9 const data_t *iv,
10 const data_t *add,
11 const data_t *input,
12 const data_t *expected_output,
13 const data_t *tag,
14 size_t n1,
15 size_t n1_add)
16{
17 int ok = 0;
18 uint8_t *output = NULL;
19 size_t n2 = input->len - n1;
20 size_t n2_add = add->len - n1_add;
21 size_t olen;
22
23 /* Sanity checks on the test data */
24 TEST_ASSERT(n1 <= input->len);
25 TEST_ASSERT(n1_add <= add->len);
26 TEST_EQUAL(input->len, expected_output->len);
27 TEST_EQUAL(0, mbedtls_ccm_starts(ctx, mode, iv->x, iv->len));
28 TEST_EQUAL(0, mbedtls_ccm_set_lengths(ctx, add->len, input->len, tag->len));
29 TEST_EQUAL(0, mbedtls_ccm_update_ad(ctx, add->x, n1_add));
30 TEST_EQUAL(0, mbedtls_ccm_update_ad(ctx, add->x + n1_add, n2_add));
31
32 /* Allocate a tight buffer for each update call. This way, if the function
33 * tries to write beyond the advertised required buffer size, this will
34 * count as an overflow for memory sanitizers and static checkers. */
35 TEST_CALLOC(output, n1);
36 olen = 0xdeadbeef;
37 TEST_EQUAL(0, mbedtls_ccm_update(ctx, input->x, n1, output, n1, &olen));
38 TEST_EQUAL(n1, olen);
39 TEST_MEMORY_COMPARE(output, olen, expected_output->x, n1);
40 mbedtls_free(output);
41 output = NULL;
42
43 TEST_CALLOC(output, n2);
44 olen = 0xdeadbeef;
45 TEST_EQUAL(0, mbedtls_ccm_update(ctx, input->x + n1, n2, output, n2, &olen));
46 TEST_EQUAL(n2, olen);
47 TEST_MEMORY_COMPARE(output, olen, expected_output->x + n1, n2);
48 mbedtls_free(output);
49 output = NULL;
50
51 TEST_CALLOC(output, tag->len);
52 TEST_EQUAL(0, mbedtls_ccm_finish(ctx, output, tag->len));
53 TEST_MEMORY_COMPARE(output, tag->len, tag->x, tag->len);
54 mbedtls_free(output);
55 output = NULL;
56
57 ok = 1;
58exit:
59 mbedtls_free(output);
60 return ok;
61}
62/* END_HEADER */
63
64/* BEGIN_DEPENDENCIES
65 * depends_on:MBEDTLS_CCM_C
66 * END_DEPENDENCIES
67 */
68
69/* BEGIN_CASE depends_on:MBEDTLS_SELF_TEST:MBEDTLS_CCM_GCM_CAN_AES */
70void mbedtls_ccm_self_test()
71{
72 BLOCK_CIPHER_PSA_INIT();
73 TEST_ASSERT(mbedtls_ccm_self_test(1) == 0);
74 BLOCK_CIPHER_PSA_DONE();
75}
76/* END_CASE */
77
78/* BEGIN_CASE */
79void mbedtls_ccm_setkey(int cipher_id, int key_size, int result)
80{
81 mbedtls_ccm_context ctx;
82 unsigned char key[32];
83 int ret;
84
85 BLOCK_CIPHER_PSA_INIT();
86 mbedtls_ccm_init(&ctx);
87
88 memset(key, 0x2A, sizeof(key));
89 TEST_ASSERT((unsigned) key_size <= 8 * sizeof(key));
90
91 ret = mbedtls_ccm_setkey(&ctx, cipher_id, key, key_size);
92 TEST_ASSERT(ret == result);
93
94exit:
95 mbedtls_ccm_free(&ctx);
96 BLOCK_CIPHER_PSA_DONE();
97}
98/* END_CASE */
99
100/* BEGIN_CASE depends_on:MBEDTLS_CCM_GCM_CAN_AES */
101void ccm_lengths(int msg_len, int iv_len, int add_len, int tag_len, int res)
102{
103 mbedtls_ccm_context ctx;
104 unsigned char key[16];
105 unsigned char msg[10];
106 unsigned char iv[14];
107 unsigned char *add = NULL;
108 unsigned char out[10];
109 unsigned char tag[18];
110 int decrypt_ret;
111
112 BLOCK_CIPHER_PSA_INIT();
113 mbedtls_ccm_init(&ctx);
114
115 TEST_CALLOC_OR_SKIP(add, add_len);
116 memset(key, 0, sizeof(key));
117 memset(msg, 0, sizeof(msg));
118 memset(iv, 0, sizeof(iv));
119 memset(out, 0, sizeof(out));
120 memset(tag, 0, sizeof(tag));
121
122 TEST_ASSERT(mbedtls_ccm_setkey(&ctx, MBEDTLS_CIPHER_ID_AES,
123 key, 8 * sizeof(key)) == 0);
124
125 TEST_ASSERT(mbedtls_ccm_encrypt_and_tag(&ctx, msg_len, iv, iv_len, add, add_len,
126 msg, out, tag, tag_len) == res);
127
128 decrypt_ret = mbedtls_ccm_auth_decrypt(&ctx, msg_len, iv, iv_len, add, add_len,
129 msg, out, tag, tag_len);
130
131 if (res == 0) {
132 TEST_ASSERT(decrypt_ret == MBEDTLS_ERR_CCM_AUTH_FAILED);
133 } else {
134 TEST_ASSERT(decrypt_ret == res);
135 }
136
137exit:
138 mbedtls_free(add);
139 mbedtls_ccm_free(&ctx);
140 BLOCK_CIPHER_PSA_DONE();
141}
142/* END_CASE */
143
144/* BEGIN_CASE depends_on:MBEDTLS_CCM_GCM_CAN_AES */
145void ccm_star_lengths(int msg_len, int iv_len, int add_len, int tag_len,
146 int res)
147{
148 mbedtls_ccm_context ctx;
149 unsigned char key[16];
150 unsigned char msg[10];
151 unsigned char iv[14];
152 unsigned char add[10];
153 unsigned char out[10];
154 unsigned char tag[18];
155 int decrypt_ret;
156
157 BLOCK_CIPHER_PSA_INIT();
158 mbedtls_ccm_init(&ctx);
159
160 memset(key, 0, sizeof(key));
161 memset(msg, 0, sizeof(msg));
162 memset(iv, 0, sizeof(iv));
163 memset(add, 0, sizeof(add));
164 memset(out, 0, sizeof(out));
165 memset(tag, 0, sizeof(tag));
166
167 TEST_ASSERT(mbedtls_ccm_setkey(&ctx, MBEDTLS_CIPHER_ID_AES,
168 key, 8 * sizeof(key)) == 0);
169
170 TEST_ASSERT(mbedtls_ccm_star_encrypt_and_tag(&ctx, msg_len, iv, iv_len,
171 add, add_len, msg, out, tag, tag_len) == res);
172
173 decrypt_ret = mbedtls_ccm_star_auth_decrypt(&ctx, msg_len, iv, iv_len, add,
174 add_len, msg, out, tag, tag_len);
175
176 if (res == 0 && tag_len != 0) {
177 TEST_ASSERT(decrypt_ret == MBEDTLS_ERR_CCM_AUTH_FAILED);
178 } else {
179 TEST_ASSERT(decrypt_ret == res);
180 }
181
182exit:
183 mbedtls_ccm_free(&ctx);
184 BLOCK_CIPHER_PSA_DONE();
185}
186/* END_CASE */
187
188/* BEGIN_CASE */
189void mbedtls_ccm_encrypt_and_tag(int cipher_id, data_t *key,
190 data_t *msg, data_t *iv,
191 data_t *add, data_t *result)
192{
193 mbedtls_ccm_context ctx;
194 size_t n1, n1_add;
195 uint8_t *io_msg_buf = NULL;
196 uint8_t *tag_buf = NULL;
197 const size_t expected_tag_len = result->len - msg->len;
198 const uint8_t *expected_tag = result->x + msg->len;
199
200 /* Prepare input/output message buffer */
201 TEST_CALLOC(io_msg_buf, msg->len);
202 if (msg->len != 0) {
203 memcpy(io_msg_buf, msg->x, msg->len);
204 }
205
206 /* Prepare tag buffer */
207 TEST_CALLOC(tag_buf, expected_tag_len);
208
209 BLOCK_CIPHER_PSA_INIT();
210 mbedtls_ccm_init(&ctx);
211 TEST_EQUAL(mbedtls_ccm_setkey(&ctx, cipher_id, key->x, key->len * 8), 0);
212 /* Test with input == output */
213 TEST_EQUAL(mbedtls_ccm_encrypt_and_tag(&ctx, msg->len, iv->x, iv->len, add->x, add->len,
214 io_msg_buf, io_msg_buf, tag_buf, expected_tag_len), 0);
215
216 TEST_MEMORY_COMPARE(io_msg_buf, msg->len, result->x, msg->len);
217 TEST_MEMORY_COMPARE(tag_buf, expected_tag_len, expected_tag, expected_tag_len);
218
219 /* Prepare data_t structures for multipart testing */
220 const data_t encrypted_expected = { .x = result->x,
221 .len = msg->len };
222 const data_t tag_expected = { .x = (uint8_t *) expected_tag, /* cast to conform with data_t x type */
223 .len = expected_tag_len };
224
225 for (n1 = 0; n1 <= msg->len; n1 += 1) {
226 for (n1_add = 0; n1_add <= add->len; n1_add += 1) {
227 mbedtls_test_set_step(n1 * 10000 + n1_add);
228 if (!check_multipart(&ctx, MBEDTLS_CCM_ENCRYPT,
229 iv, add, msg,
230 &encrypted_expected,
231 &tag_expected,
232 n1, n1_add)) {
233 goto exit;
234 }
235 }
236 }
237
238exit:
239 mbedtls_ccm_free(&ctx);
240 mbedtls_free(io_msg_buf);
241 mbedtls_free(tag_buf);
242 BLOCK_CIPHER_PSA_DONE();
243}
244/* END_CASE */
245
246/* BEGIN_CASE */
247void mbedtls_ccm_star_no_tag(int cipher_id, int mode, data_t *key,
248 data_t *msg, data_t *iv, data_t *result)
249{
250 mbedtls_ccm_context ctx;
251 uint8_t *output = NULL;
252 size_t olen;
253
254 BLOCK_CIPHER_PSA_INIT();
255 mbedtls_ccm_init(&ctx);
256 TEST_EQUAL(mbedtls_ccm_setkey(&ctx, cipher_id, key->x, key->len * 8), 0);
257 TEST_EQUAL(0, mbedtls_ccm_starts(&ctx, mode, iv->x, iv->len));
258 TEST_EQUAL(0, mbedtls_ccm_set_lengths(&ctx, 0, msg->len, 0));
259
260 TEST_CALLOC(output, msg->len);
261 TEST_EQUAL(0, mbedtls_ccm_update(&ctx, msg->x, msg->len, output, msg->len, &olen));
262 TEST_EQUAL(result->len, olen);
263 TEST_MEMORY_COMPARE(output, olen, result->x, result->len);
264
265 TEST_EQUAL(0, mbedtls_ccm_finish(&ctx, NULL, 0));
266exit:
267 mbedtls_free(output);
268 mbedtls_ccm_free(&ctx);
269 BLOCK_CIPHER_PSA_DONE();
270}
271/* END_CASE */
272
273/* BEGIN_CASE */
274void mbedtls_ccm_auth_decrypt(int cipher_id, data_t *key,
275 data_t *msg, data_t *iv,
276 data_t *add, int expected_tag_len, int result,
277 data_t *expected_msg)
278{
279 mbedtls_ccm_context ctx;
280 size_t n1, n1_add;
281
282 const size_t expected_msg_len = msg->len - expected_tag_len;
283 const uint8_t *expected_tag = msg->x + expected_msg_len;
284
285 /* Prepare input/output message buffer */
286 uint8_t *io_msg_buf = NULL;
287 TEST_CALLOC(io_msg_buf, expected_msg_len);
288 if (expected_msg_len) {
289 memcpy(io_msg_buf, msg->x, expected_msg_len);
290 }
291
292 BLOCK_CIPHER_PSA_INIT();
293 mbedtls_ccm_init(&ctx);
294 TEST_EQUAL(mbedtls_ccm_setkey(&ctx, cipher_id, key->x, key->len * 8), 0);
295 /* Test with input == output */
296 TEST_EQUAL(mbedtls_ccm_auth_decrypt(&ctx, expected_msg_len, iv->x, iv->len, add->x, add->len,
297 io_msg_buf, io_msg_buf, expected_tag, expected_tag_len),
298 result);
299
300 if (result == 0) {
301 TEST_MEMORY_COMPARE(io_msg_buf, expected_msg_len, expected_msg->x, expected_msg_len);
302
303 /* Prepare data_t structures for multipart testing */
304 const data_t encrypted = { .x = msg->x,
305 .len = expected_msg_len };
306
307 const data_t tag_expected = { .x = (uint8_t *) expected_tag,
308 .len = expected_tag_len };
309
310 for (n1 = 0; n1 <= expected_msg_len; n1 += 1) {
311 for (n1_add = 0; n1_add <= add->len; n1_add += 1) {
312 mbedtls_test_set_step(n1 * 10000 + n1_add);
313 if (!check_multipart(&ctx, MBEDTLS_CCM_DECRYPT,
314 iv, add, &encrypted,
315 expected_msg,
316 &tag_expected,
317 n1, n1_add)) {
318 goto exit;
319 }
320 }
321 }
322 } else {
323 size_t i;
324
325 for (i = 0; i < expected_msg_len; i++) {
326 TEST_EQUAL(io_msg_buf[i], 0);
327 }
328 }
329
330exit:
331 mbedtls_free(io_msg_buf);
332 mbedtls_ccm_free(&ctx);
333 BLOCK_CIPHER_PSA_DONE();
334}
335/* END_CASE */
336
337/* BEGIN_CASE */
338void mbedtls_ccm_star_encrypt_and_tag(int cipher_id,
339 data_t *key, data_t *msg,
340 data_t *source_address, data_t *frame_counter,
341 int sec_level, data_t *add,
342 data_t *expected_result, int output_ret)
343{
344 unsigned char iv[13];
345 mbedtls_ccm_context ctx;
346 size_t iv_len, expected_tag_len;
347 size_t n1, n1_add;
348 uint8_t *io_msg_buf = NULL;
349 uint8_t *tag_buf = NULL;
350
351 const uint8_t *expected_tag = expected_result->x + msg->len;
352
353 /* Calculate tag length */
354 if (sec_level % 4 == 0) {
355 expected_tag_len = 0;
356 } else {
357 expected_tag_len = 1 << (sec_level % 4 + 1);
358 }
359
360 /* Prepare input/output message buffer */
361 TEST_CALLOC(io_msg_buf, msg->len);
362 if (msg->len) {
363 memcpy(io_msg_buf, msg->x, msg->len);
364 }
365
366 /* Prepare tag buffer */
367 if (expected_tag_len == 0) {
368 TEST_CALLOC(tag_buf, 16);
369 } else {
370 TEST_CALLOC(tag_buf, expected_tag_len);
371 }
372
373 /* Calculate iv */
374 TEST_ASSERT(source_address->len == 8);
375 TEST_ASSERT(frame_counter->len == 4);
376 memcpy(iv, source_address->x, source_address->len);
377 memcpy(iv + source_address->len, frame_counter->x, frame_counter->len);
378 iv[source_address->len + frame_counter->len] = sec_level;
379 iv_len = sizeof(iv);
380
381 BLOCK_CIPHER_PSA_INIT();
382 mbedtls_ccm_init(&ctx);
383 TEST_EQUAL(mbedtls_ccm_setkey(&ctx, cipher_id,
384 key->x, key->len * 8), 0);
385 /* Test with input == output */
386 TEST_EQUAL(mbedtls_ccm_star_encrypt_and_tag(&ctx, msg->len, iv, iv_len,
387 add->x, add->len, io_msg_buf,
388 io_msg_buf, tag_buf, expected_tag_len), output_ret);
389
390 TEST_MEMORY_COMPARE(io_msg_buf, msg->len, expected_result->x, msg->len);
391 TEST_MEMORY_COMPARE(tag_buf, expected_tag_len, expected_tag, expected_tag_len);
392
393 if (output_ret == 0) {
394 const data_t iv_data = { .x = iv,
395 .len = iv_len };
396
397 const data_t encrypted_expected = { .x = expected_result->x,
398 .len = msg->len };
399 const data_t tag_expected = { .x = (uint8_t *) expected_tag,
400 .len = expected_tag_len };
401
402 for (n1 = 0; n1 <= msg->len; n1 += 1) {
403 for (n1_add = 0; n1_add <= add->len; n1_add += 1) {
404 mbedtls_test_set_step(n1 * 10000 + n1_add);
405 if (!check_multipart(&ctx, MBEDTLS_CCM_STAR_ENCRYPT,
406 &iv_data, add, msg,
407 &encrypted_expected,
408 &tag_expected,
409 n1, n1_add)) {
410 goto exit;
411 }
412 }
413 }
414 }
415
416exit:
417 mbedtls_ccm_free(&ctx);
418 mbedtls_free(io_msg_buf);
419 mbedtls_free(tag_buf);
420 BLOCK_CIPHER_PSA_DONE();
421}
422/* END_CASE */
423
424/* BEGIN_CASE */
425void mbedtls_ccm_star_auth_decrypt(int cipher_id,
426 data_t *key, data_t *msg,
427 data_t *source_address, data_t *frame_counter,
428 int sec_level, data_t *add,
429 data_t *expected_result, int output_ret)
430{
431 unsigned char iv[13];
432 mbedtls_ccm_context ctx;
433 size_t iv_len, expected_tag_len;
434 size_t n1, n1_add;
435
436 /* Calculate tag length */
437 if (sec_level % 4 == 0) {
438 expected_tag_len = 0;
439 } else {
440 expected_tag_len = 1 << (sec_level % 4 + 1);
441 }
442
443 const size_t expected_msg_len = msg->len - expected_tag_len;
444 const uint8_t *expected_tag = msg->x + expected_msg_len;
445
446 /* Prepare input/output message buffer */
447 uint8_t *io_msg_buf = NULL;
448 TEST_CALLOC(io_msg_buf, expected_msg_len);
449 if (expected_msg_len) {
450 memcpy(io_msg_buf, msg->x, expected_msg_len);
451 }
452
453 /* Calculate iv */
454 memset(iv, 0x00, sizeof(iv));
455 TEST_ASSERT(source_address->len == 8);
456 TEST_ASSERT(frame_counter->len == 4);
457 memcpy(iv, source_address->x, source_address->len);
458 memcpy(iv + source_address->len, frame_counter->x, frame_counter->len);
459 iv[source_address->len + frame_counter->len] = sec_level;
460 iv_len = sizeof(iv);
461
462 BLOCK_CIPHER_PSA_INIT();
463 mbedtls_ccm_init(&ctx);
464 TEST_ASSERT(mbedtls_ccm_setkey(&ctx, cipher_id, key->x, key->len * 8) == 0);
465 /* Test with input == output */
466 TEST_EQUAL(mbedtls_ccm_star_auth_decrypt(&ctx, expected_msg_len, iv, iv_len,
467 add->x, add->len, io_msg_buf, io_msg_buf,
468 expected_tag, expected_tag_len), output_ret);
469
470 TEST_MEMORY_COMPARE(io_msg_buf, expected_msg_len, expected_result->x, expected_msg_len);
471
472 if (output_ret == 0) {
473 const data_t iv_data = { .x = iv,
474 .len = iv_len };
475
476 const data_t encrypted = { .x = msg->x,
477 .len = expected_msg_len };
478
479 const data_t tag_expected = { .x = (uint8_t *) expected_tag,
480 .len = expected_tag_len };
481
482 for (n1 = 0; n1 <= expected_msg_len; n1 += 1) {
483 for (n1_add = 0; n1_add <= add->len; n1_add += 1) {
484 mbedtls_test_set_step(n1 * 10000 + n1_add);
485 if (!check_multipart(&ctx, MBEDTLS_CCM_STAR_DECRYPT,
486 &iv_data, add, &encrypted,
487 expected_result,
488 &tag_expected,
489 n1, n1_add)) {
490 goto exit;
491 }
492 }
493 }
494 }
495
496exit:
497 mbedtls_ccm_free(&ctx);
498 mbedtls_free(io_msg_buf);
499 BLOCK_CIPHER_PSA_DONE();
500}
501/* END_CASE */
502
503/* Skip auth data, provide full text */
504/* BEGIN_CASE */
505void mbedtls_ccm_skip_ad(int cipher_id, int mode,
506 data_t *key, data_t *msg, data_t *iv,
507 data_t *result, data_t *tag)
508{
509 mbedtls_ccm_context ctx;
510 uint8_t *output = NULL;
511 size_t olen;
512
513 /* Sanity checks on the test data */
514 TEST_EQUAL(msg->len, result->len);
515
516 BLOCK_CIPHER_PSA_INIT();
517 mbedtls_ccm_init(&ctx);
518 TEST_EQUAL(mbedtls_ccm_setkey(&ctx, cipher_id, key->x, key->len * 8), 0);
519 TEST_EQUAL(0, mbedtls_ccm_starts(&ctx, mode, iv->x, iv->len));
520 TEST_EQUAL(0, mbedtls_ccm_set_lengths(&ctx, 0, msg->len, tag->len));
521
522 TEST_CALLOC(output, result->len);
523 olen = 0xdeadbeef;
524 TEST_EQUAL(0, mbedtls_ccm_update(&ctx, msg->x, msg->len, output, result->len, &olen));
525 TEST_EQUAL(result->len, olen);
526 TEST_MEMORY_COMPARE(output, olen, result->x, result->len);
527 mbedtls_free(output);
528 output = NULL;
529
530 TEST_CALLOC(output, tag->len);
531 TEST_EQUAL(0, mbedtls_ccm_finish(&ctx, output, tag->len));
532 TEST_MEMORY_COMPARE(output, tag->len, tag->x, tag->len);
533 mbedtls_free(output);
534 output = NULL;
535
536exit:
537 mbedtls_free(output);
538 mbedtls_ccm_free(&ctx);
539 BLOCK_CIPHER_PSA_DONE();
540}
541/* END_CASE */
542
543/* Provide auth data, skip full text */
544/* BEGIN_CASE */
545void mbedtls_ccm_skip_update(int cipher_id, int mode,
546 data_t *key, data_t *iv, data_t *add,
547 data_t *tag)
548{
549 mbedtls_ccm_context ctx;
550 uint8_t *output = NULL;
551
552 BLOCK_CIPHER_PSA_INIT();
553 mbedtls_ccm_init(&ctx);
554 TEST_EQUAL(mbedtls_ccm_setkey(&ctx, cipher_id, key->x, key->len * 8), 0);
555 TEST_EQUAL(0, mbedtls_ccm_starts(&ctx, mode, iv->x, iv->len));
556 TEST_EQUAL(0, mbedtls_ccm_set_lengths(&ctx, add->len, 0, tag->len));
557
558 TEST_EQUAL(0, mbedtls_ccm_update_ad(&ctx, add->x, add->len));
559
560 TEST_CALLOC(output, tag->len);
561 TEST_EQUAL(0, mbedtls_ccm_finish(&ctx, output, tag->len));
562 TEST_MEMORY_COMPARE(output, tag->len, tag->x, tag->len);
563 mbedtls_free(output);
564 output = NULL;
565
566exit:
567 mbedtls_free(output);
568 mbedtls_ccm_free(&ctx);
569 BLOCK_CIPHER_PSA_DONE();
570}
571/* END_CASE */
572
573/* Provide too much auth data */
574/* BEGIN_CASE */
575void mbedtls_ccm_overflow_ad(int cipher_id, int mode,
576 data_t *key, data_t *iv,
577 data_t *add)
578{
579 mbedtls_ccm_context ctx;
580
581 BLOCK_CIPHER_PSA_INIT();
582 mbedtls_ccm_init(&ctx);
583 TEST_EQUAL(mbedtls_ccm_setkey(&ctx, cipher_id, key->x, key->len * 8), 0);
584 TEST_EQUAL(0, mbedtls_ccm_starts(&ctx, mode, iv->x, iv->len));
585 // use hardcoded values for msg length and tag length. They are not a part of this test
586 // subtract 1 from configured auth data length to provoke an overflow
587 TEST_EQUAL(0, mbedtls_ccm_set_lengths(&ctx, add->len - 1, 16, 16));
588
589 TEST_EQUAL(MBEDTLS_ERR_CCM_BAD_INPUT, mbedtls_ccm_update_ad(&ctx, add->x, add->len));
590exit:
591 mbedtls_ccm_free(&ctx);
592 BLOCK_CIPHER_PSA_DONE();
593}
594/* END_CASE */
595
596/* Provide unexpected auth data */
597/* BEGIN_CASE */
598void mbedtls_ccm_unexpected_ad(int cipher_id, int mode,
599 data_t *key, data_t *iv,
600 data_t *add)
601{
602 mbedtls_ccm_context ctx;
603
604 BLOCK_CIPHER_PSA_INIT();
605 mbedtls_ccm_init(&ctx);
606 TEST_EQUAL(mbedtls_ccm_setkey(&ctx, cipher_id, key->x, key->len * 8), 0);
607 TEST_EQUAL(0, mbedtls_ccm_starts(&ctx, mode, iv->x, iv->len));
608 // use hardcoded values for msg length and tag length. They are not a part of this test
609 TEST_EQUAL(0, mbedtls_ccm_set_lengths(&ctx, 0, 16, 16));
610
611 TEST_EQUAL(MBEDTLS_ERR_CCM_BAD_INPUT, mbedtls_ccm_update_ad(&ctx, add->x, add->len));
612exit:
613 mbedtls_ccm_free(&ctx);
614 BLOCK_CIPHER_PSA_DONE();
615}
616/* END_CASE */
617
618/* Provide unexpected plaintext/ciphertext data */
619/* BEGIN_CASE */
620void mbedtls_ccm_unexpected_text(int cipher_id, int mode,
621 data_t *key, data_t *msg, data_t *iv,
622 data_t *add)
623{
624 mbedtls_ccm_context ctx;
625 uint8_t *output = NULL;
626 size_t olen;
627
628 BLOCK_CIPHER_PSA_INIT();
629 mbedtls_ccm_init(&ctx);
630 TEST_EQUAL(mbedtls_ccm_setkey(&ctx, cipher_id, key->x, key->len * 8), 0);
631 TEST_EQUAL(0, mbedtls_ccm_starts(&ctx, mode, iv->x, iv->len));
632 // use hardcoded value for tag length. It is not a part of this test
633 TEST_EQUAL(0, mbedtls_ccm_set_lengths(&ctx, add->len, 0, 16));
634
635 TEST_EQUAL(0, mbedtls_ccm_update_ad(&ctx, add->x, add->len));
636
637 TEST_CALLOC(output, msg->len);
638 olen = 0xdeadbeef;
639 TEST_EQUAL(MBEDTLS_ERR_CCM_BAD_INPUT,
640 mbedtls_ccm_update(&ctx, msg->x, msg->len, output, msg->len, &olen));
641exit:
642 mbedtls_free(output);
643 mbedtls_ccm_free(&ctx);
644 BLOCK_CIPHER_PSA_DONE();
645}
646/* END_CASE */
647
648/* Provide incomplete auth data and finish */
649/* BEGIN_CASE */
650void mbedtls_ccm_incomplete_ad(int cipher_id, int mode,
651 data_t *key, data_t *iv, data_t *add)
652{
653 mbedtls_ccm_context ctx;
654 uint8_t *output = NULL;
655
656 BLOCK_CIPHER_PSA_INIT();
657 mbedtls_ccm_init(&ctx);
658 TEST_EQUAL(mbedtls_ccm_setkey(&ctx, cipher_id, key->x, key->len * 8), 0);
659 TEST_EQUAL(0, mbedtls_ccm_starts(&ctx, mode, iv->x, iv->len));
660 // use hardcoded values for msg length and tag length. They are not a part of this test
661 TEST_EQUAL(0, mbedtls_ccm_set_lengths(&ctx, add->len, 0, 16));
662
663 TEST_EQUAL(0, mbedtls_ccm_update_ad(&ctx, add->x, add->len - 1));
664
665 TEST_CALLOC(output, 16);
666 TEST_EQUAL(MBEDTLS_ERR_CCM_BAD_INPUT, mbedtls_ccm_finish(&ctx, output, 16));
667
668exit:
669 mbedtls_free(output);
670 mbedtls_ccm_free(&ctx);
671 BLOCK_CIPHER_PSA_DONE();
672}
673/* END_CASE */
674
675/* Provide complete auth data on first update_ad.
676 * Provide unexpected auth data on second update_ad */
677/* BEGIN_CASE */
678void mbedtls_ccm_full_ad_and_overflow(int cipher_id, int mode,
679 data_t *key, data_t *iv,
680 data_t *add)
681{
682 mbedtls_ccm_context ctx;
683
684 BLOCK_CIPHER_PSA_INIT();
685 mbedtls_ccm_init(&ctx);
686 TEST_EQUAL(mbedtls_ccm_setkey(&ctx, cipher_id, key->x, key->len * 8), 0);
687 TEST_EQUAL(0, mbedtls_ccm_starts(&ctx, mode, iv->x, iv->len));
688 // use hardcoded values for msg length and tag length. They are not a part of this test
689 TEST_EQUAL(0, mbedtls_ccm_set_lengths(&ctx, add->len, 16, 16));
690
691 // pass full auth data
692 TEST_EQUAL(0, mbedtls_ccm_update_ad(&ctx, add->x, add->len));
693 // pass 1 extra byte
694 TEST_EQUAL(MBEDTLS_ERR_CCM_BAD_INPUT, mbedtls_ccm_update_ad(&ctx, add->x, 1));
695exit:
696 mbedtls_ccm_free(&ctx);
697 BLOCK_CIPHER_PSA_DONE();
698}
699/* END_CASE */
700
701/* Provide incomplete auth data on first update_ad.
702 * Provide too much auth data on second update_ad */
703/* BEGIN_CASE */
704void mbedtls_ccm_incomplete_ad_and_overflow(int cipher_id, int mode,
705 data_t *key, data_t *iv,
706 data_t *add)
707{
708 mbedtls_ccm_context ctx;
709 uint8_t add_second_buffer[2];
710
711 add_second_buffer[0] = add->x[add->len - 1];
712 add_second_buffer[1] = 0xAB; // some magic value
713
714 BLOCK_CIPHER_PSA_INIT();
715 mbedtls_ccm_init(&ctx);
716 TEST_EQUAL(mbedtls_ccm_setkey(&ctx, cipher_id, key->x, key->len * 8), 0);
717 TEST_EQUAL(0, mbedtls_ccm_starts(&ctx, mode, iv->x, iv->len));
718 // use hardcoded values for msg length and tag length. They are not a part of this test
719 TEST_EQUAL(0, mbedtls_ccm_set_lengths(&ctx, add->len, 16, 16));
720
721 // pass incomplete auth data
722 TEST_EQUAL(0, mbedtls_ccm_update_ad(&ctx, add->x, add->len - 1));
723 // pass 2 extra bytes (1 missing byte from previous incomplete pass, and 1 unexpected byte)
724 TEST_EQUAL(MBEDTLS_ERR_CCM_BAD_INPUT, mbedtls_ccm_update_ad(&ctx, add_second_buffer, 2));
725exit:
726 mbedtls_ccm_free(&ctx);
727 BLOCK_CIPHER_PSA_DONE();
728}
729/* END_CASE */
730
731/* Provide too much plaintext/ciphertext */
732/* BEGIN_CASE */
733void mbedtls_ccm_overflow_update(int cipher_id, int mode,
734 data_t *key, data_t *msg, data_t *iv,
735 data_t *add)
736{
737 mbedtls_ccm_context ctx;
738 uint8_t *output = NULL;
739 size_t olen;
740
741 BLOCK_CIPHER_PSA_INIT();
742 mbedtls_ccm_init(&ctx);
743 TEST_EQUAL(mbedtls_ccm_setkey(&ctx, cipher_id, key->x, key->len * 8), 0);
744 TEST_EQUAL(0, mbedtls_ccm_starts(&ctx, mode, iv->x, iv->len));
745 // use hardcoded value for tag length. It is a not a part of this test
746 // subtract 1 from configured msg length to provoke an overflow
747 TEST_EQUAL(0, mbedtls_ccm_set_lengths(&ctx, add->len, msg->len - 1, 16));
748
749 TEST_EQUAL(0, mbedtls_ccm_update_ad(&ctx, add->x, add->len));
750
751 TEST_CALLOC(output, msg->len);
752 TEST_EQUAL(MBEDTLS_ERR_CCM_BAD_INPUT, \
753 mbedtls_ccm_update(&ctx, msg->x, msg->len, output, msg->len, &olen));
754exit:
755 mbedtls_free(output);
756 mbedtls_ccm_free(&ctx);
757 BLOCK_CIPHER_PSA_DONE();
758}
759/* END_CASE */
760
761/* Provide incomplete plaintext/ciphertext and finish */
762/* BEGIN_CASE */
763void mbedtls_ccm_incomplete_update(int cipher_id, int mode,
764 data_t *key, data_t *msg, data_t *iv,
765 data_t *add)
766{
767 mbedtls_ccm_context ctx;
768 uint8_t *output = NULL;
769 size_t olen;
770
771 BLOCK_CIPHER_PSA_INIT();
772 mbedtls_ccm_init(&ctx);
773 TEST_EQUAL(mbedtls_ccm_setkey(&ctx, cipher_id, key->x, key->len * 8), 0);
774 TEST_EQUAL(0, mbedtls_ccm_starts(&ctx, mode, iv->x, iv->len));
775 // use hardcoded value for tag length. It is not a part of this test
776 TEST_EQUAL(0, mbedtls_ccm_set_lengths(&ctx, add->len, msg->len, 16));
777
778 TEST_EQUAL(0, mbedtls_ccm_update_ad(&ctx, add->x, add->len));
779
780 TEST_CALLOC(output, msg->len);
781 olen = 0xdeadbeef;
782 TEST_EQUAL(0, mbedtls_ccm_update(&ctx, msg->x, msg->len - 1, output, msg->len, &olen));
783 mbedtls_free(output);
784 output = NULL;
785
786 TEST_CALLOC(output, 16);
787 TEST_EQUAL(MBEDTLS_ERR_CCM_BAD_INPUT, mbedtls_ccm_finish(&ctx, output, 16));
788
789exit:
790 mbedtls_free(output);
791 mbedtls_ccm_free(&ctx);
792 BLOCK_CIPHER_PSA_DONE();
793}
794/* END_CASE */
795
796/* Provide full plaintext/ciphertext of first update
797 * Provide unexpected plaintext/ciphertext on second update */
798/* BEGIN_CASE */
799void mbedtls_ccm_full_update_and_overflow(int cipher_id, int mode,
800 data_t *key, data_t *msg, data_t *iv,
801 data_t *add)
802{
803 mbedtls_ccm_context ctx;
804 uint8_t *output = NULL;
805 size_t olen;
806
807 BLOCK_CIPHER_PSA_INIT();
808 mbedtls_ccm_init(&ctx);
809 TEST_EQUAL(mbedtls_ccm_setkey(&ctx, cipher_id, key->x, key->len * 8), 0);
810 TEST_EQUAL(0, mbedtls_ccm_starts(&ctx, mode, iv->x, iv->len));
811 // use hardcoded value for tag length. It is a not a part of this test
812 TEST_EQUAL(0, mbedtls_ccm_set_lengths(&ctx, add->len, msg->len, 16));
813
814 TEST_EQUAL(0, mbedtls_ccm_update_ad(&ctx, add->x, add->len));
815
816 TEST_CALLOC(output, msg->len);
817 // pass full text
818 TEST_EQUAL(0, mbedtls_ccm_update(&ctx, msg->x, msg->len, output, msg->len, &olen));
819 // pass 1 extra byte
820 TEST_EQUAL(MBEDTLS_ERR_CCM_BAD_INPUT, \
821 mbedtls_ccm_update(&ctx, msg->x, 1, output, 1, &olen));
822exit:
823 mbedtls_free(output);
824 mbedtls_ccm_free(&ctx);
825 BLOCK_CIPHER_PSA_DONE();
826}
827/* END_CASE */
828
829/* Provide incomplete plaintext/ciphertext of first update
830 * Provide too much plaintext/ciphertext on second update */
831/* BEGIN_CASE */
832void mbedtls_ccm_incomplete_update_overflow(int cipher_id, int mode,
833 data_t *key, data_t *msg, data_t *iv,
834 data_t *add)
835{
836 mbedtls_ccm_context ctx;
837 uint8_t *output = NULL;
838 size_t olen;
839 uint8_t msg_second_buffer[2];
840
841 msg_second_buffer[0] = msg->x[msg->len - 1];
842 msg_second_buffer[1] = 0xAB; // some magic value
843
844 BLOCK_CIPHER_PSA_INIT();
845 mbedtls_ccm_init(&ctx);
846 TEST_EQUAL(mbedtls_ccm_setkey(&ctx, cipher_id, key->x, key->len * 8), 0);
847 TEST_EQUAL(0, mbedtls_ccm_starts(&ctx, mode, iv->x, iv->len));
848 // use hardcoded value for tag length. It is a not a part of this test
849 TEST_EQUAL(0, mbedtls_ccm_set_lengths(&ctx, add->len, msg->len, 16));
850
851 TEST_EQUAL(0, mbedtls_ccm_update_ad(&ctx, add->x, add->len));
852
853 TEST_CALLOC(output, msg->len + 1);
854 // pass incomplete text
855 TEST_EQUAL(0, mbedtls_ccm_update(&ctx, msg->x, msg->len - 1, output, msg->len + 1, &olen));
856 // pass 2 extra bytes (1 missing byte from previous incomplete pass, and 1 unexpected byte)
857 TEST_EQUAL(MBEDTLS_ERR_CCM_BAD_INPUT, \
858 mbedtls_ccm_update(&ctx, msg_second_buffer, 2, output + msg->len - 1, 2, &olen));
859exit:
860 mbedtls_free(output);
861 mbedtls_ccm_free(&ctx);
862 BLOCK_CIPHER_PSA_DONE();
863}
864/* END_CASE */
865
866/* Finish without passing any auth data or plaintext/ciphertext input */
867/* BEGIN_CASE */
868void mbedtls_ccm_instant_finish(int cipher_id, int mode,
869 data_t *key, data_t *iv)
870{
871 mbedtls_ccm_context ctx;
872 uint8_t *output = NULL;
873
874 BLOCK_CIPHER_PSA_INIT();
875 mbedtls_ccm_init(&ctx);
876 TEST_EQUAL(mbedtls_ccm_setkey(&ctx, cipher_id, key->x, key->len * 8), 0);
877 TEST_EQUAL(0, mbedtls_ccm_starts(&ctx, mode, iv->x, iv->len));
878 // use hardcoded values for add length, msg length and tag length.
879 // They are not a part of this test
880 TEST_EQUAL(0, mbedtls_ccm_set_lengths(&ctx, 16, 16, 16));
881
882 TEST_CALLOC(output, 16);
883 TEST_EQUAL(MBEDTLS_ERR_CCM_BAD_INPUT, mbedtls_ccm_finish(&ctx, output, 16));
884
885exit:
886 mbedtls_free(output);
887 mbedtls_ccm_free(&ctx);
888 BLOCK_CIPHER_PSA_DONE();
889}
890/* END_CASE */