TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-tls.git / 71159f45ab8850eafb75a8f5ecb38a871b56a89b / . / tests / suites / test_suite_ccm.function
blob: 8c5e6abb5608e6307806d635ecb56a587d782e6c [file] [log] [blame]
Manuel Pégourié-Gonnarda6916fa2014-05-02 15:17:29 +0200[diff] [blame]1/* BEGIN_HEADER */
Manuel Pégourié-Gonnard7f809972015-03-09 17:05:11 +0000[diff] [blame]2#include "mbedtls/ccm.h"
Mateusz Starzyk25a3dfe2021-07-12 14:53:45 +0200[diff] [blame]3
4/* Use the multipart interface to process the encrypted data in two parts
5 * and check that the output matches the expected output.
6 * The context must have been set up with the key. */
David Horstmann71159f42023-01-03 12:51:59 +0000[diff] [blame^]7static int check_multipart(mbedtls_ccm_context *ctx,
8 int mode,
9 const data_t *iv,
10 const data_t *add,
11 const data_t *input,
12 const data_t *expected_output,
13 const data_t *tag,
14 size_t n1,
15 size_t n1_add)
Mateusz Starzyk25a3dfe2021-07-12 14:53:45 +0200[diff] [blame]16{
17 int ok = 0;
18 uint8_t *output = NULL;
19 size_t n2 = input->len - n1;
20 size_t n2_add = add->len - n1_add;
21 size_t olen;
22
23 /* Sanity checks on the test data */
David Horstmann71159f42023-01-03 12:51:59 +0000[diff] [blame^]24 TEST_ASSERT(n1 <= input->len);
25 TEST_ASSERT(n1_add <= add->len);
26 TEST_EQUAL(input->len, expected_output->len);
27 TEST_EQUAL(0, mbedtls_ccm_starts(ctx, mode, iv->x, iv->len));
28 TEST_EQUAL(0, mbedtls_ccm_set_lengths(ctx, add->len, input->len, tag->len));
29 TEST_EQUAL(0, mbedtls_ccm_update_ad(ctx, add->x, n1_add));
30 TEST_EQUAL(0, mbedtls_ccm_update_ad(ctx, add->x + n1_add, n2_add));
Mateusz Starzyk25a3dfe2021-07-12 14:53:45 +0200[diff] [blame]31
32 /* Allocate a tight buffer for each update call. This way, if the function
33 * tries to write beyond the advertised required buffer size, this will
34 * count as an overflow for memory sanitizers and static checkers. */
David Horstmann71159f42023-01-03 12:51:59 +0000[diff] [blame^]35 ASSERT_ALLOC(output, n1);
Mateusz Starzyk25a3dfe2021-07-12 14:53:45 +0200[diff] [blame]36 olen = 0xdeadbeef;
David Horstmann71159f42023-01-03 12:51:59 +0000[diff] [blame^]37 TEST_EQUAL(0, mbedtls_ccm_update(ctx, input->x, n1, output, n1, &olen));
38 TEST_EQUAL(n1, olen);
39 ASSERT_COMPARE(output, olen, expected_output->x, n1);
40 mbedtls_free(output);
Mateusz Starzyk25a3dfe2021-07-12 14:53:45 +0200[diff] [blame]41 output = NULL;
42
David Horstmann71159f42023-01-03 12:51:59 +0000[diff] [blame^]43 ASSERT_ALLOC(output, n2);
Mateusz Starzyk25a3dfe2021-07-12 14:53:45 +0200[diff] [blame]44 olen = 0xdeadbeef;
David Horstmann71159f42023-01-03 12:51:59 +0000[diff] [blame^]45 TEST_EQUAL(0, mbedtls_ccm_update(ctx, input->x + n1, n2, output, n2, &olen));
46 TEST_EQUAL(n2, olen);
47 ASSERT_COMPARE(output, olen, expected_output->x + n1, n2);
48 mbedtls_free(output);
Mateusz Starzyk25a3dfe2021-07-12 14:53:45 +0200[diff] [blame]49 output = NULL;
50
David Horstmann71159f42023-01-03 12:51:59 +0000[diff] [blame^]51 ASSERT_ALLOC(output, tag->len);
52 TEST_EQUAL(0, mbedtls_ccm_finish(ctx, output, tag->len));
53 ASSERT_COMPARE(output, tag->len, tag->x, tag->len);
54 mbedtls_free(output);
Mateusz Starzyk25a3dfe2021-07-12 14:53:45 +0200[diff] [blame]55 output = NULL;
56
57 ok = 1;
58exit:
David Horstmann71159f42023-01-03 12:51:59 +0000[diff] [blame^]59 mbedtls_free(output);
60 return ok;
Mateusz Starzyk25a3dfe2021-07-12 14:53:45 +0200[diff] [blame]61}
Manuel Pégourié-Gonnarda6916fa2014-05-02 15:17:29 +0200[diff] [blame]62/* END_HEADER */
63
64/* BEGIN_DEPENDENCIES
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]65 * depends_on:MBEDTLS_CCM_C
Manuel Pégourié-Gonnarda6916fa2014-05-02 15:17:29 +0200[diff] [blame]66 * END_DEPENDENCIES
67 */
68
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]69/* BEGIN_CASE depends_on:MBEDTLS_SELF_TEST:MBEDTLS_AES_C */
David Horstmann71159f42023-01-03 12:51:59 +0000[diff] [blame^]70void mbedtls_ccm_self_test()
Manuel Pégourié-Gonnarda6916fa2014-05-02 15:17:29 +0200[diff] [blame]71{
David Horstmann71159f42023-01-03 12:51:59 +0000[diff] [blame^]72 TEST_ASSERT(mbedtls_ccm_self_test(1) == 0);
Manuel Pégourié-Gonnarda6916fa2014-05-02 15:17:29 +0200[diff] [blame]73}
74/* END_CASE */
Manuel Pégourié-Gonnard9fe0d132014-05-06 12:12:45 +0200[diff] [blame]75
76/* BEGIN_CASE */
David Horstmann71159f42023-01-03 12:51:59 +0000[diff] [blame^]77void mbedtls_ccm_setkey(int cipher_id, int key_size, int result)
Manuel Pégourié-Gonnard9fe0d132014-05-06 12:12:45 +0200[diff] [blame]78{
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]79 mbedtls_ccm_context ctx;
Manuel Pégourié-Gonnard9fe0d132014-05-06 12:12:45 +0200[diff] [blame]80 unsigned char key[32];
81 int ret;
82
David Horstmann71159f42023-01-03 12:51:59 +0000[diff] [blame^]83 mbedtls_ccm_init(&ctx);
Manuel Pégourié-Gonnard6963ff02015-04-28 18:02:54 +0200[diff] [blame]84
David Horstmann71159f42023-01-03 12:51:59 +0000[diff] [blame^]85 memset(key, 0x2A, sizeof(key));
86 TEST_ASSERT((unsigned) key_size <= 8 * sizeof(key));
Manuel Pégourié-Gonnard9fe0d132014-05-06 12:12:45 +0200[diff] [blame]87
David Horstmann71159f42023-01-03 12:51:59 +0000[diff] [blame^]88 ret = mbedtls_ccm_setkey(&ctx, cipher_id, key, key_size);
89 TEST_ASSERT(ret == result);
Manuel Pégourié-Gonnard9fe0d132014-05-06 12:12:45 +0200[diff] [blame]90
Paul Bakkerbd51b262014-07-10 15:26:12 +0200[diff] [blame]91exit:
David Horstmann71159f42023-01-03 12:51:59 +0000[diff] [blame^]92 mbedtls_ccm_free(&ctx);
Manuel Pégourié-Gonnard9fe0d132014-05-06 12:12:45 +0200[diff] [blame]93}
94/* END_CASE */
Manuel Pégourié-Gonnard637eb3d2014-05-06 12:13:09 +0200[diff] [blame]95
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]96/* BEGIN_CASE depends_on:MBEDTLS_AES_C */
David Horstmann71159f42023-01-03 12:51:59 +0000[diff] [blame^]97void ccm_lengths(int msg_len, int iv_len, int add_len, int tag_len, int res)
Manuel Pégourié-Gonnard87df5ba2014-05-06 18:07:24 +0200[diff] [blame]98{
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]99 mbedtls_ccm_context ctx;
Manuel Pégourié-Gonnard87df5ba2014-05-06 18:07:24 +0200[diff] [blame]100 unsigned char key[16];
101 unsigned char msg[10];
102 unsigned char iv[14];
Dave Rodgman2e680342020-10-15 14:00:40 +0100[diff] [blame]103 unsigned char *add = NULL;
Manuel Pégourié-Gonnard87df5ba2014-05-06 18:07:24 +0200[diff] [blame]104 unsigned char out[10];
105 unsigned char tag[18];
106 int decrypt_ret;
107
David Horstmann71159f42023-01-03 12:51:59 +0000[diff] [blame^]108 mbedtls_ccm_init(&ctx);
Manuel Pégourié-Gonnard6963ff02015-04-28 18:02:54 +0200[diff] [blame]109
David Horstmann71159f42023-01-03 12:51:59 +0000[diff] [blame^]110 ASSERT_ALLOC_WEAK(add, add_len);
111 memset(key, 0, sizeof(key));
112 memset(msg, 0, sizeof(msg));
113 memset(iv, 0, sizeof(iv));
114 memset(out, 0, sizeof(out));
115 memset(tag, 0, sizeof(tag));
Manuel Pégourié-Gonnard87df5ba2014-05-06 18:07:24 +0200[diff] [blame]116
David Horstmann71159f42023-01-03 12:51:59 +0000[diff] [blame^]117 TEST_ASSERT(mbedtls_ccm_setkey(&ctx, MBEDTLS_CIPHER_ID_AES,
118 key, 8 * sizeof(key)) == 0);
Manuel Pégourié-Gonnard87df5ba2014-05-06 18:07:24 +0200[diff] [blame]119
David Horstmann71159f42023-01-03 12:51:59 +0000[diff] [blame^]120 TEST_ASSERT(mbedtls_ccm_encrypt_and_tag(&ctx, msg_len, iv, iv_len, add, add_len,
121 msg, out, tag, tag_len) == res);
Manuel Pégourié-Gonnard87df5ba2014-05-06 18:07:24 +0200[diff] [blame]122
David Horstmann71159f42023-01-03 12:51:59 +0000[diff] [blame^]123 decrypt_ret = mbedtls_ccm_auth_decrypt(&ctx, msg_len, iv, iv_len, add, add_len,
124 msg, out, tag, tag_len);
Manuel Pégourié-Gonnard87df5ba2014-05-06 18:07:24 +0200[diff] [blame]125
David Horstmann71159f42023-01-03 12:51:59 +0000[diff] [blame^]126 if (res == 0) {
127 TEST_ASSERT(decrypt_ret == MBEDTLS_ERR_CCM_AUTH_FAILED);
128 } else {
129 TEST_ASSERT(decrypt_ret == res);
130 }
Manuel Pégourié-Gonnard87df5ba2014-05-06 18:07:24 +0200[diff] [blame]131
Paul Bakkerbd51b262014-07-10 15:26:12 +0200[diff] [blame]132exit:
David Horstmann71159f42023-01-03 12:51:59 +0000[diff] [blame^]133 mbedtls_free(add);
134 mbedtls_ccm_free(&ctx);
Manuel Pégourié-Gonnard87df5ba2014-05-06 18:07:24 +0200[diff] [blame]135}
136/* END_CASE */
137
Janos Follath95ab93d2018-05-14 14:32:41 +0100[diff] [blame]138/* BEGIN_CASE depends_on:MBEDTLS_AES_C */
David Horstmann71159f42023-01-03 12:51:59 +0000[diff] [blame^]139void ccm_star_lengths(int msg_len, int iv_len, int add_len, int tag_len,
140 int res)
Janos Follath95ab93d2018-05-14 14:32:41 +0100[diff] [blame]141{
142 mbedtls_ccm_context ctx;
143 unsigned char key[16];
144 unsigned char msg[10];
145 unsigned char iv[14];
146 unsigned char add[10];
147 unsigned char out[10];
148 unsigned char tag[18];
149 int decrypt_ret;
150
David Horstmann71159f42023-01-03 12:51:59 +0000[diff] [blame^]151 mbedtls_ccm_init(&ctx);
Janos Follath95ab93d2018-05-14 14:32:41 +0100[diff] [blame]152
David Horstmann71159f42023-01-03 12:51:59 +0000[diff] [blame^]153 memset(key, 0, sizeof(key));
154 memset(msg, 0, sizeof(msg));
155 memset(iv, 0, sizeof(iv));
156 memset(add, 0, sizeof(add));
157 memset(out, 0, sizeof(out));
158 memset(tag, 0, sizeof(tag));
Janos Follath95ab93d2018-05-14 14:32:41 +0100[diff] [blame]159
David Horstmann71159f42023-01-03 12:51:59 +0000[diff] [blame^]160 TEST_ASSERT(mbedtls_ccm_setkey(&ctx, MBEDTLS_CIPHER_ID_AES,
161 key, 8 * sizeof(key)) == 0);
Janos Follath95ab93d2018-05-14 14:32:41 +0100[diff] [blame]162
David Horstmann71159f42023-01-03 12:51:59 +0000[diff] [blame^]163 TEST_ASSERT(mbedtls_ccm_star_encrypt_and_tag(&ctx, msg_len, iv, iv_len,
164 add, add_len, msg, out, tag, tag_len) == res);
Janos Follath95ab93d2018-05-14 14:32:41 +0100[diff] [blame]165
David Horstmann71159f42023-01-03 12:51:59 +0000[diff] [blame^]166 decrypt_ret = mbedtls_ccm_star_auth_decrypt(&ctx, msg_len, iv, iv_len, add,
167 add_len, msg, out, tag, tag_len);
Janos Follath95ab93d2018-05-14 14:32:41 +0100[diff] [blame]168
David Horstmann71159f42023-01-03 12:51:59 +0000[diff] [blame^]169 if (res == 0 && tag_len != 0) {
170 TEST_ASSERT(decrypt_ret == MBEDTLS_ERR_CCM_AUTH_FAILED);
171 } else {
172 TEST_ASSERT(decrypt_ret == res);
173 }
Janos Follath95ab93d2018-05-14 14:32:41 +0100[diff] [blame]174
175exit:
David Horstmann71159f42023-01-03 12:51:59 +0000[diff] [blame^]176 mbedtls_ccm_free(&ctx);
Janos Follath95ab93d2018-05-14 14:32:41 +0100[diff] [blame]177}
178/* END_CASE */
179
Manuel Pégourié-Gonnard637eb3d2014-05-06 12:13:09 +0200[diff] [blame]180/* BEGIN_CASE */
David Horstmann71159f42023-01-03 12:51:59 +0000[diff] [blame^]181void mbedtls_ccm_encrypt_and_tag(int cipher_id, data_t *key,
182 data_t *msg, data_t *iv,
183 data_t *add, data_t *result)
Manuel Pégourié-Gonnard637eb3d2014-05-06 12:13:09 +0200[diff] [blame]184{
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]185 mbedtls_ccm_context ctx;
Mateusz Starzyk25a3dfe2021-07-12 14:53:45 +0200[diff] [blame]186 size_t n1, n1_add;
David Horstmann71159f42023-01-03 12:51:59 +0000[diff] [blame^]187 uint8_t *io_msg_buf = NULL;
188 uint8_t *tag_buf = NULL;
Mateusz Starzyk27a1bef2021-07-13 15:33:19 +0200[diff] [blame]189 const size_t expected_tag_len = result->len - msg->len;
David Horstmann71159f42023-01-03 12:51:59 +0000[diff] [blame^]190 const uint8_t *expected_tag = result->x + msg->len;
Mateusz Starzyk27a1bef2021-07-13 15:33:19 +0200[diff] [blame]191
192 /* Prepare input/output message buffer */
David Horstmann71159f42023-01-03 12:51:59 +0000[diff] [blame^]193 ASSERT_ALLOC(io_msg_buf, msg->len);
194 if (msg->len != 0) {
195 memcpy(io_msg_buf, msg->x, msg->len);
196 }
Mateusz Starzyk27a1bef2021-07-13 15:33:19 +0200[diff] [blame]197
198 /* Prepare tag buffer */
David Horstmann71159f42023-01-03 12:51:59 +0000[diff] [blame^]199 ASSERT_ALLOC(tag_buf, expected_tag_len);
Manuel Pégourié-Gonnard637eb3d2014-05-06 12:13:09 +0200[diff] [blame]200
David Horstmann71159f42023-01-03 12:51:59 +0000[diff] [blame^]201 mbedtls_ccm_init(&ctx);
202 TEST_EQUAL(mbedtls_ccm_setkey(&ctx, cipher_id, key->x, key->len * 8), 0);
Manuel Pégourié-Gonnard0f6b66d2014-05-07 14:43:46 +0200[diff] [blame]203 /* Test with input == output */
David Horstmann71159f42023-01-03 12:51:59 +0000[diff] [blame^]204 TEST_EQUAL(mbedtls_ccm_encrypt_and_tag(&ctx, msg->len, iv->x, iv->len, add->x, add->len,
205 io_msg_buf, io_msg_buf, tag_buf, expected_tag_len), 0);
Manuel Pégourié-Gonnard637eb3d2014-05-06 12:13:09 +0200[diff] [blame]206
David Horstmann71159f42023-01-03 12:51:59 +0000[diff] [blame^]207 ASSERT_COMPARE(io_msg_buf, msg->len, result->x, msg->len);
208 ASSERT_COMPARE(tag_buf, expected_tag_len, expected_tag, expected_tag_len);
Manuel Pégourié-Gonnard637eb3d2014-05-06 12:13:09 +0200[diff] [blame]209
Mateusz Starzykceb5bc62021-07-30 14:36:22 +0200[diff] [blame]210 /* Prepare data_t structures for multipart testing */
Mateusz Starzyk25a3dfe2021-07-12 14:53:45 +0200[diff] [blame]211 const data_t encrypted_expected = { .x = result->x,
212 .len = msg->len };
David Horstmann71159f42023-01-03 12:51:59 +0000[diff] [blame^]213 const data_t tag_expected = { .x = (uint8_t *) expected_tag, /* cast to conform with data_t x type */
Mateusz Starzyk27a1bef2021-07-13 15:33:19 +0200[diff] [blame]214 .len = expected_tag_len };
Mateusz Starzyk25a3dfe2021-07-12 14:53:45 +0200[diff] [blame]215
David Horstmann71159f42023-01-03 12:51:59 +0000[diff] [blame^]216 for (n1 = 0; n1 <= msg->len; n1 += 1) {
217 for (n1_add = 0; n1_add <= add->len; n1_add += 1) {
218 mbedtls_test_set_step(n1 * 10000 + n1_add);
219 if (!check_multipart(&ctx, MBEDTLS_CCM_ENCRYPT,
220 iv, add, msg,
221 &encrypted_expected,
222 &tag_expected,
223 n1, n1_add)) {
Mateusz Starzyk25a3dfe2021-07-12 14:53:45 +0200[diff] [blame]224 goto exit;
Mateusz Starzyk29ec75b2021-07-13 12:26:17 +0200[diff] [blame]225 }
226 }
227 }
228
Darryl Green0daf4ca2018-05-29 14:12:26 +0100[diff] [blame]229exit:
David Horstmann71159f42023-01-03 12:51:59 +0000[diff] [blame^]230 mbedtls_ccm_free(&ctx);
231 mbedtls_free(io_msg_buf);
232 mbedtls_free(tag_buf);
Darryl Green0daf4ca2018-05-29 14:12:26 +0100[diff] [blame]233}
234/* END_CASE */
235
236/* BEGIN_CASE */
David Horstmann71159f42023-01-03 12:51:59 +0000[diff] [blame^]237void mbedtls_ccm_star_no_tag(int cipher_id, int mode, data_t *key,
238 data_t *msg, data_t *iv, data_t *result)
239{
240 mbedtls_ccm_context ctx;
241 uint8_t *output = NULL;
242 size_t olen;
243
244 mbedtls_ccm_init(&ctx);
245 TEST_EQUAL(mbedtls_ccm_setkey(&ctx, cipher_id, key->x, key->len * 8), 0);
246 TEST_EQUAL(0, mbedtls_ccm_starts(&ctx, mode, iv->x, iv->len));
247 TEST_EQUAL(0, mbedtls_ccm_set_lengths(&ctx, 0, msg->len, 0));
248
249 ASSERT_ALLOC(output, msg->len);
250 TEST_EQUAL(0, mbedtls_ccm_update(&ctx, msg->x, msg->len, output, msg->len, &olen));
251 TEST_EQUAL(result->len, olen);
252 ASSERT_COMPARE(output, olen, result->x, result->len);
253
254 TEST_EQUAL(0, mbedtls_ccm_finish(&ctx, NULL, 0));
255exit:
256 mbedtls_free(output);
257 mbedtls_ccm_free(&ctx);
258}
259/* END_CASE */
260
261/* BEGIN_CASE */
262void mbedtls_ccm_auth_decrypt(int cipher_id, data_t *key,
263 data_t *msg, data_t *iv,
264 data_t *add, int expected_tag_len, int result,
265 data_t *expected_msg)
266{
267 mbedtls_ccm_context ctx;
268 size_t n1, n1_add;
269
270 const size_t expected_msg_len = msg->len - expected_tag_len;
271 const uint8_t *expected_tag = msg->x + expected_msg_len;
272
273 /* Prepare input/output message buffer */
274 uint8_t *io_msg_buf = NULL;
275 ASSERT_ALLOC(io_msg_buf, expected_msg_len);
276 if (expected_msg_len) {
277 memcpy(io_msg_buf, msg->x, expected_msg_len);
278 }
279
280 mbedtls_ccm_init(&ctx);
281 TEST_EQUAL(mbedtls_ccm_setkey(&ctx, cipher_id, key->x, key->len * 8), 0);
282 /* Test with input == output */
283 TEST_EQUAL(mbedtls_ccm_auth_decrypt(&ctx, expected_msg_len, iv->x, iv->len, add->x, add->len,
284 io_msg_buf, io_msg_buf, expected_tag, expected_tag_len),
285 result);
286
287 if (result == 0) {
288 ASSERT_COMPARE(io_msg_buf, expected_msg_len, expected_msg->x, expected_msg_len);
289
290 /* Prepare data_t structures for multipart testing */
291 const data_t encrypted = { .x = msg->x,
292 .len = expected_msg_len };
293
294 const data_t tag_expected = { .x = (uint8_t *) expected_tag,
295 .len = expected_tag_len };
296
297 for (n1 = 0; n1 <= expected_msg_len; n1 += 1) {
298 for (n1_add = 0; n1_add <= add->len; n1_add += 1) {
299 mbedtls_test_set_step(n1 * 10000 + n1_add);
300 if (!check_multipart(&ctx, MBEDTLS_CCM_DECRYPT,
301 iv, add, &encrypted,
302 expected_msg,
303 &tag_expected,
304 n1, n1_add)) {
305 goto exit;
306 }
307 }
308 }
309 } else {
310 size_t i;
311
312 for (i = 0; i < expected_msg_len; i++) {
313 TEST_EQUAL(io_msg_buf[i], 0);
314 }
315 }
316
317exit:
318 mbedtls_free(io_msg_buf);
319 mbedtls_ccm_free(&ctx);
320}
321/* END_CASE */
322
323/* BEGIN_CASE */
324void mbedtls_ccm_star_encrypt_and_tag(int cipher_id,
325 data_t *key, data_t *msg,
326 data_t *source_address, data_t *frame_counter,
327 int sec_level, data_t *add,
328 data_t *expected_result, int output_ret)
329{
330 unsigned char iv[13];
331 mbedtls_ccm_context ctx;
332 size_t iv_len, expected_tag_len;
333 size_t n1, n1_add;
334 uint8_t *io_msg_buf = NULL;
335 uint8_t *tag_buf = NULL;
336
337 const uint8_t *expected_tag = expected_result->x + msg->len;
338
339 /* Calculate tag length */
340 if (sec_level % 4 == 0) {
341 expected_tag_len = 0;
342 } else {
343 expected_tag_len = 1 << (sec_level % 4 + 1);
344 }
345
346 /* Prepare input/output message buffer */
347 ASSERT_ALLOC(io_msg_buf, msg->len);
348 if (msg->len) {
349 memcpy(io_msg_buf, msg->x, msg->len);
350 }
351
352 /* Prepare tag buffer */
353 if (expected_tag_len == 0) {
354 ASSERT_ALLOC(tag_buf, 16);
355 } else {
356 ASSERT_ALLOC(tag_buf, expected_tag_len);
357 }
358
359 /* Calculate iv */
360 TEST_ASSERT(source_address->len == 8);
361 TEST_ASSERT(frame_counter->len == 4);
362 memcpy(iv, source_address->x, source_address->len);
363 memcpy(iv + source_address->len, frame_counter->x, frame_counter->len);
364 iv[source_address->len + frame_counter->len] = sec_level;
365 iv_len = sizeof(iv);
366
367 mbedtls_ccm_init(&ctx);
368 TEST_EQUAL(mbedtls_ccm_setkey(&ctx, cipher_id,
369 key->x, key->len * 8), 0);
370 /* Test with input == output */
371 TEST_EQUAL(mbedtls_ccm_star_encrypt_and_tag(&ctx, msg->len, iv, iv_len,
372 add->x, add->len, io_msg_buf,
373 io_msg_buf, tag_buf, expected_tag_len), output_ret);
374
375 ASSERT_COMPARE(io_msg_buf, msg->len, expected_result->x, msg->len);
376 ASSERT_COMPARE(tag_buf, expected_tag_len, expected_tag, expected_tag_len);
377
378 if (output_ret == 0) {
379 const data_t iv_data = { .x = iv,
380 .len = iv_len };
381
382 const data_t encrypted_expected = { .x = expected_result->x,
383 .len = msg->len };
384 const data_t tag_expected = { .x = (uint8_t *) expected_tag,
385 .len = expected_tag_len };
386
387 for (n1 = 0; n1 <= msg->len; n1 += 1) {
388 for (n1_add = 0; n1_add <= add->len; n1_add += 1) {
389 mbedtls_test_set_step(n1 * 10000 + n1_add);
390 if (!check_multipart(&ctx, MBEDTLS_CCM_STAR_ENCRYPT,
391 &iv_data, add, msg,
392 &encrypted_expected,
393 &tag_expected,
394 n1, n1_add)) {
395 goto exit;
396 }
397 }
398 }
399 }
400
401exit:
402 mbedtls_ccm_free(&ctx);
403 mbedtls_free(io_msg_buf);
404 mbedtls_free(tag_buf);
405}
406/* END_CASE */
407
408/* BEGIN_CASE */
409void mbedtls_ccm_star_auth_decrypt(int cipher_id,
410 data_t *key, data_t *msg,
411 data_t *source_address, data_t *frame_counter,
412 int sec_level, data_t *add,
413 data_t *expected_result, int output_ret)
Darryl Green0daf4ca2018-05-29 14:12:26 +0100[diff] [blame]414{
Darryl Green0daf4ca2018-05-29 14:12:26 +0100[diff] [blame]415 unsigned char iv[13];
Darryl Green0daf4ca2018-05-29 14:12:26 +0100[diff] [blame]416 mbedtls_ccm_context ctx;
Mateusz Starzyk27a1bef2021-07-13 15:33:19 +0200[diff] [blame]417 size_t iv_len, expected_tag_len;
Mateusz Starzyk29ec75b2021-07-13 12:26:17 +0200[diff] [blame]418 size_t n1, n1_add;
Darryl Green0daf4ca2018-05-29 14:12:26 +0100[diff] [blame]419
Mateusz Starzyk27a1bef2021-07-13 15:33:19 +0200[diff] [blame]420 /* Calculate tag length */
David Horstmann71159f42023-01-03 12:51:59 +0000[diff] [blame^]421 if (sec_level % 4 == 0) {
Mateusz Starzyk27a1bef2021-07-13 15:33:19 +0200[diff] [blame]422 expected_tag_len = 0;
David Horstmann71159f42023-01-03 12:51:59 +0000[diff] [blame^]423 } else {
424 expected_tag_len = 1 << (sec_level % 4 + 1);
425 }
Darryl Green0daf4ca2018-05-29 14:12:26 +0100[diff] [blame]426
Mateusz Starzyk27a1bef2021-07-13 15:33:19 +0200[diff] [blame]427 const size_t expected_msg_len = msg->len - expected_tag_len;
David Horstmann71159f42023-01-03 12:51:59 +0000[diff] [blame^]428 const uint8_t *expected_tag = msg->x + expected_msg_len;
Mateusz Starzyk27a1bef2021-07-13 15:33:19 +0200[diff] [blame]429
430 /* Prepare input/output message buffer */
David Horstmann71159f42023-01-03 12:51:59 +0000[diff] [blame^]431 uint8_t *io_msg_buf = NULL;
432 ASSERT_ALLOC(io_msg_buf, expected_msg_len);
433 if (expected_msg_len) {
434 memcpy(io_msg_buf, msg->x, expected_msg_len);
435 }
Mateusz Starzyk27a1bef2021-07-13 15:33:19 +0200[diff] [blame]436
437 /* Calculate iv */
David Horstmann71159f42023-01-03 12:51:59 +0000[diff] [blame^]438 memset(iv, 0x00, sizeof(iv));
439 TEST_ASSERT(source_address->len == 8);
440 TEST_ASSERT(frame_counter->len == 4);
441 memcpy(iv, source_address->x, source_address->len);
442 memcpy(iv + source_address->len, frame_counter->x, frame_counter->len);
Ronald Cron9ed40732020-06-25 09:03:34 +0200[diff] [blame]443 iv[source_address->len + frame_counter->len] = sec_level;
David Horstmann71159f42023-01-03 12:51:59 +0000[diff] [blame^]444 iv_len = sizeof(iv);
Darryl Green0daf4ca2018-05-29 14:12:26 +0100[diff] [blame]445
David Horstmann71159f42023-01-03 12:51:59 +0000[diff] [blame^]446 mbedtls_ccm_init(&ctx);
447 TEST_ASSERT(mbedtls_ccm_setkey(&ctx, cipher_id, key->x, key->len * 8) == 0);
Mateusz Starzyk27a1bef2021-07-13 15:33:19 +0200[diff] [blame]448 /* Test with input == output */
David Horstmann71159f42023-01-03 12:51:59 +0000[diff] [blame^]449 TEST_EQUAL(mbedtls_ccm_star_auth_decrypt(&ctx, expected_msg_len, iv, iv_len,
450 add->x, add->len, io_msg_buf, io_msg_buf,
451 expected_tag, expected_tag_len), output_ret);
Darryl Green0daf4ca2018-05-29 14:12:26 +0100[diff] [blame]452
David Horstmann71159f42023-01-03 12:51:59 +0000[diff] [blame^]453 ASSERT_COMPARE(io_msg_buf, expected_msg_len, expected_result->x, expected_msg_len);
Darryl Green0daf4ca2018-05-29 14:12:26 +0100[diff] [blame]454
David Horstmann71159f42023-01-03 12:51:59 +0000[diff] [blame^]455 if (output_ret == 0) {
Mateusz Starzyk29ec75b2021-07-13 12:26:17 +0200[diff] [blame]456 const data_t iv_data = { .x = iv,
457 .len = iv_len };
458
Mateusz Starzyk27a1bef2021-07-13 15:33:19 +0200[diff] [blame]459 const data_t encrypted = { .x = msg->x,
David Horstmann71159f42023-01-03 12:51:59 +0000[diff] [blame^]460 .len = expected_msg_len };
Mateusz Starzyk29ec75b2021-07-13 12:26:17 +0200[diff] [blame]461
David Horstmann71159f42023-01-03 12:51:59 +0000[diff] [blame^]462 const data_t tag_expected = { .x = (uint8_t *) expected_tag,
Mateusz Starzyk27a1bef2021-07-13 15:33:19 +0200[diff] [blame]463 .len = expected_tag_len };
464
David Horstmann71159f42023-01-03 12:51:59 +0000[diff] [blame^]465 for (n1 = 0; n1 <= expected_msg_len; n1 += 1) {
466 for (n1_add = 0; n1_add <= add->len; n1_add += 1) {
467 mbedtls_test_set_step(n1 * 10000 + n1_add);
468 if (!check_multipart(&ctx, MBEDTLS_CCM_STAR_DECRYPT,
469 &iv_data, add, &encrypted,
470 expected_result,
471 &tag_expected,
472 n1, n1_add)) {
Mateusz Starzyk29ec75b2021-07-13 12:26:17 +0200[diff] [blame]473 goto exit;
David Horstmann71159f42023-01-03 12:51:59 +0000[diff] [blame^]474 }
475 }
Mateusz Starzyk29ec75b2021-07-13 12:26:17 +0200[diff] [blame]476 }
477 }
478
Darryl Green0daf4ca2018-05-29 14:12:26 +0100[diff] [blame]479exit:
David Horstmann71159f42023-01-03 12:51:59 +0000[diff] [blame^]480 mbedtls_ccm_free(&ctx);
481 mbedtls_free(io_msg_buf);
Darryl Green0daf4ca2018-05-29 14:12:26 +0100[diff] [blame]482}
483/* END_CASE */
Mateusz Starzyk87889062021-07-29 14:08:18 +0200[diff] [blame]484
Mateusz Starzyk8fb17542021-08-10 13:45:19 +0200[diff] [blame]485/* Skip auth data, provide full text */
Mateusz Starzyk87889062021-07-29 14:08:18 +0200[diff] [blame]486/* BEGIN_CASE */
David Horstmann71159f42023-01-03 12:51:59 +0000[diff] [blame^]487void mbedtls_ccm_skip_ad(int cipher_id, int mode,
488 data_t *key, data_t *msg, data_t *iv,
489 data_t *result, data_t *tag)
Mateusz Starzyk87889062021-07-29 14:08:18 +0200[diff] [blame]490{
491 mbedtls_ccm_context ctx;
492 uint8_t *output = NULL;
493 size_t olen;
494
495 /* Sanity checks on the test data */
David Horstmann71159f42023-01-03 12:51:59 +0000[diff] [blame^]496 TEST_EQUAL(msg->len, result->len);
Mateusz Starzyk87889062021-07-29 14:08:18 +0200[diff] [blame]497
David Horstmann71159f42023-01-03 12:51:59 +0000[diff] [blame^]498 mbedtls_ccm_init(&ctx);
499 TEST_EQUAL(mbedtls_ccm_setkey(&ctx, cipher_id, key->x, key->len * 8), 0);
500 TEST_EQUAL(0, mbedtls_ccm_starts(&ctx, mode, iv->x, iv->len));
501 TEST_EQUAL(0, mbedtls_ccm_set_lengths(&ctx, 0, msg->len, tag->len));
Mateusz Starzyk87889062021-07-29 14:08:18 +0200[diff] [blame]502
David Horstmann71159f42023-01-03 12:51:59 +0000[diff] [blame^]503 ASSERT_ALLOC(output, result->len);
Mateusz Starzyk87889062021-07-29 14:08:18 +0200[diff] [blame]504 olen = 0xdeadbeef;
David Horstmann71159f42023-01-03 12:51:59 +0000[diff] [blame^]505 TEST_EQUAL(0, mbedtls_ccm_update(&ctx, msg->x, msg->len, output, result->len, &olen));
506 TEST_EQUAL(result->len, olen);
507 ASSERT_COMPARE(output, olen, result->x, result->len);
508 mbedtls_free(output);
Mateusz Starzyk87889062021-07-29 14:08:18 +0200[diff] [blame]509 output = NULL;
510
David Horstmann71159f42023-01-03 12:51:59 +0000[diff] [blame^]511 ASSERT_ALLOC(output, tag->len);
512 TEST_EQUAL(0, mbedtls_ccm_finish(&ctx, output, tag->len));
513 ASSERT_COMPARE(output, tag->len, tag->x, tag->len);
514 mbedtls_free(output);
Mateusz Starzyk87889062021-07-29 14:08:18 +0200[diff] [blame]515 output = NULL;
516
517exit:
David Horstmann71159f42023-01-03 12:51:59 +0000[diff] [blame^]518 mbedtls_free(output);
519 mbedtls_ccm_free(&ctx);
Mateusz Starzyk87889062021-07-29 14:08:18 +0200[diff] [blame]520}
521/* END_CASE */
522
Mateusz Starzyk8fb17542021-08-10 13:45:19 +0200[diff] [blame]523/* Provide auth data, skip full text */
Mateusz Starzyk87889062021-07-29 14:08:18 +0200[diff] [blame]524/* BEGIN_CASE */
David Horstmann71159f42023-01-03 12:51:59 +0000[diff] [blame^]525void mbedtls_ccm_skip_update(int cipher_id, int mode,
526 data_t *key, data_t *iv, data_t *add,
527 data_t *tag)
Mateusz Starzyk87889062021-07-29 14:08:18 +0200[diff] [blame]528{
529 mbedtls_ccm_context ctx;
530 uint8_t *output = NULL;
531
David Horstmann71159f42023-01-03 12:51:59 +0000[diff] [blame^]532 mbedtls_ccm_init(&ctx);
533 TEST_EQUAL(mbedtls_ccm_setkey(&ctx, cipher_id, key->x, key->len * 8), 0);
534 TEST_EQUAL(0, mbedtls_ccm_starts(&ctx, mode, iv->x, iv->len));
535 TEST_EQUAL(0, mbedtls_ccm_set_lengths(&ctx, add->len, 0, tag->len));
Mateusz Starzyk87889062021-07-29 14:08:18 +0200[diff] [blame]536
David Horstmann71159f42023-01-03 12:51:59 +0000[diff] [blame^]537 TEST_EQUAL(0, mbedtls_ccm_update_ad(&ctx, add->x, add->len));
Mateusz Starzyk87889062021-07-29 14:08:18 +0200[diff] [blame]538
David Horstmann71159f42023-01-03 12:51:59 +0000[diff] [blame^]539 ASSERT_ALLOC(output, tag->len);
540 TEST_EQUAL(0, mbedtls_ccm_finish(&ctx, output, tag->len));
541 ASSERT_COMPARE(output, tag->len, tag->x, tag->len);
542 mbedtls_free(output);
Mateusz Starzyk87889062021-07-29 14:08:18 +0200[diff] [blame]543 output = NULL;
544
545exit:
David Horstmann71159f42023-01-03 12:51:59 +0000[diff] [blame^]546 mbedtls_free(output);
547 mbedtls_ccm_free(&ctx);
Mateusz Starzyk87889062021-07-29 14:08:18 +0200[diff] [blame]548}
549/* END_CASE */
550
Mateusz Starzyk8fb17542021-08-10 13:45:19 +0200[diff] [blame]551/* Provide too much auth data */
Mateusz Starzyk87889062021-07-29 14:08:18 +0200[diff] [blame]552/* BEGIN_CASE */
David Horstmann71159f42023-01-03 12:51:59 +0000[diff] [blame^]553void mbedtls_ccm_overflow_ad(int cipher_id, int mode,
554 data_t *key, data_t *iv,
555 data_t *add)
Mateusz Starzyk87889062021-07-29 14:08:18 +0200[diff] [blame]556{
557 mbedtls_ccm_context ctx;
558
David Horstmann71159f42023-01-03 12:51:59 +0000[diff] [blame^]559 mbedtls_ccm_init(&ctx);
560 TEST_EQUAL(mbedtls_ccm_setkey(&ctx, cipher_id, key->x, key->len * 8), 0);
561 TEST_EQUAL(0, mbedtls_ccm_starts(&ctx, mode, iv->x, iv->len));
Mateusz Starzyk87889062021-07-29 14:08:18 +0200[diff] [blame]562 // use hardcoded values for msg length and tag length. They are not a part of this test
Mateusz Starzyk3050f052021-09-02 12:38:51 +0200[diff] [blame]563 // subtract 1 from configured auth data length to provoke an overflow
David Horstmann71159f42023-01-03 12:51:59 +0000[diff] [blame^]564 TEST_EQUAL(0, mbedtls_ccm_set_lengths(&ctx, add->len - 1, 16, 16));
Mateusz Starzyk87889062021-07-29 14:08:18 +0200[diff] [blame]565
David Horstmann71159f42023-01-03 12:51:59 +0000[diff] [blame^]566 TEST_EQUAL(MBEDTLS_ERR_CCM_BAD_INPUT, mbedtls_ccm_update_ad(&ctx, add->x, add->len));
Mateusz Starzyk87889062021-07-29 14:08:18 +0200[diff] [blame]567exit:
David Horstmann71159f42023-01-03 12:51:59 +0000[diff] [blame^]568 mbedtls_ccm_free(&ctx);
Mateusz Starzyk87889062021-07-29 14:08:18 +0200[diff] [blame]569}
570/* END_CASE */
571
Mateusz Starzyk83e4c122021-09-03 14:07:21 +0200[diff] [blame]572/* Provide unexpected auth data */
573/* BEGIN_CASE */
David Horstmann71159f42023-01-03 12:51:59 +0000[diff] [blame^]574void mbedtls_ccm_unexpected_ad(int cipher_id, int mode,
575 data_t *key, data_t *iv,
576 data_t *add)
Mateusz Starzyk83e4c122021-09-03 14:07:21 +0200[diff] [blame]577{
578 mbedtls_ccm_context ctx;
579
David Horstmann71159f42023-01-03 12:51:59 +0000[diff] [blame^]580 mbedtls_ccm_init(&ctx);
581 TEST_EQUAL(mbedtls_ccm_setkey(&ctx, cipher_id, key->x, key->len * 8), 0);
582 TEST_EQUAL(0, mbedtls_ccm_starts(&ctx, mode, iv->x, iv->len));
Mateusz Starzyk83e4c122021-09-03 14:07:21 +0200[diff] [blame]583 // use hardcoded values for msg length and tag length. They are not a part of this test
David Horstmann71159f42023-01-03 12:51:59 +0000[diff] [blame^]584 TEST_EQUAL(0, mbedtls_ccm_set_lengths(&ctx, 0, 16, 16));
Mateusz Starzyk83e4c122021-09-03 14:07:21 +0200[diff] [blame]585
David Horstmann71159f42023-01-03 12:51:59 +0000[diff] [blame^]586 TEST_EQUAL(MBEDTLS_ERR_CCM_BAD_INPUT, mbedtls_ccm_update_ad(&ctx, add->x, add->len));
Mateusz Starzyk83e4c122021-09-03 14:07:21 +0200[diff] [blame]587exit:
David Horstmann71159f42023-01-03 12:51:59 +0000[diff] [blame^]588 mbedtls_ccm_free(&ctx);
Mateusz Starzyk83e4c122021-09-03 14:07:21 +0200[diff] [blame]589}
590/* END_CASE */
591
592/* Provide unexpected plaintext/ciphertext data */
593/* BEGIN_CASE */
David Horstmann71159f42023-01-03 12:51:59 +0000[diff] [blame^]594void mbedtls_ccm_unexpected_text(int cipher_id, int mode,
595 data_t *key, data_t *msg, data_t *iv,
596 data_t *add)
Mateusz Starzyk83e4c122021-09-03 14:07:21 +0200[diff] [blame]597{
598 mbedtls_ccm_context ctx;
599 uint8_t *output = NULL;
600 size_t olen;
601
David Horstmann71159f42023-01-03 12:51:59 +0000[diff] [blame^]602 mbedtls_ccm_init(&ctx);
603 TEST_EQUAL(mbedtls_ccm_setkey(&ctx, cipher_id, key->x, key->len * 8), 0);
604 TEST_EQUAL(0, mbedtls_ccm_starts(&ctx, mode, iv->x, iv->len));
Mateusz Starzyk83e4c122021-09-03 14:07:21 +0200[diff] [blame]605 // use hardcoded value for tag length. It is not a part of this test
David Horstmann71159f42023-01-03 12:51:59 +0000[diff] [blame^]606 TEST_EQUAL(0, mbedtls_ccm_set_lengths(&ctx, add->len, 0, 16));
Mateusz Starzyk83e4c122021-09-03 14:07:21 +0200[diff] [blame]607
David Horstmann71159f42023-01-03 12:51:59 +0000[diff] [blame^]608 TEST_EQUAL(0, mbedtls_ccm_update_ad(&ctx, add->x, add->len));
Mateusz Starzyk83e4c122021-09-03 14:07:21 +0200[diff] [blame]609
David Horstmann71159f42023-01-03 12:51:59 +0000[diff] [blame^]610 ASSERT_ALLOC(output, msg->len);
Mateusz Starzyk83e4c122021-09-03 14:07:21 +0200[diff] [blame]611 olen = 0xdeadbeef;
David Horstmann71159f42023-01-03 12:51:59 +0000[diff] [blame^]612 TEST_EQUAL(MBEDTLS_ERR_CCM_BAD_INPUT,
613 mbedtls_ccm_update(&ctx, msg->x, msg->len, output, msg->len, &olen));
Mateusz Starzyk83e4c122021-09-03 14:07:21 +0200[diff] [blame]614exit:
David Horstmann71159f42023-01-03 12:51:59 +0000[diff] [blame^]615 mbedtls_free(output);
616 mbedtls_ccm_free(&ctx);
Mateusz Starzyk83e4c122021-09-03 14:07:21 +0200[diff] [blame]617}
618/* END_CASE */
619
Mateusz Starzyk8fb17542021-08-10 13:45:19 +0200[diff] [blame]620/* Provide incomplete auth data and finish */
Mateusz Starzyk87889062021-07-29 14:08:18 +0200[diff] [blame]621/* BEGIN_CASE */
David Horstmann71159f42023-01-03 12:51:59 +0000[diff] [blame^]622void mbedtls_ccm_incomplete_ad(int cipher_id, int mode,
623 data_t *key, data_t *iv, data_t *add)
Mateusz Starzykf442de62021-08-10 13:36:43 +0200[diff] [blame]624{
625 mbedtls_ccm_context ctx;
626 uint8_t *output = NULL;
627
David Horstmann71159f42023-01-03 12:51:59 +0000[diff] [blame^]628 mbedtls_ccm_init(&ctx);
629 TEST_EQUAL(mbedtls_ccm_setkey(&ctx, cipher_id, key->x, key->len * 8), 0);
630 TEST_EQUAL(0, mbedtls_ccm_starts(&ctx, mode, iv->x, iv->len));
Mateusz Starzykf442de62021-08-10 13:36:43 +0200[diff] [blame]631 // use hardcoded values for msg length and tag length. They are not a part of this test
David Horstmann71159f42023-01-03 12:51:59 +0000[diff] [blame^]632 TEST_EQUAL(0, mbedtls_ccm_set_lengths(&ctx, add->len, 0, 16));
Mateusz Starzykf442de62021-08-10 13:36:43 +0200[diff] [blame]633
David Horstmann71159f42023-01-03 12:51:59 +0000[diff] [blame^]634 TEST_EQUAL(0, mbedtls_ccm_update_ad(&ctx, add->x, add->len - 1));
Mateusz Starzykf442de62021-08-10 13:36:43 +0200[diff] [blame]635
David Horstmann71159f42023-01-03 12:51:59 +0000[diff] [blame^]636 ASSERT_ALLOC(output, 16);
637 TEST_EQUAL(MBEDTLS_ERR_CCM_BAD_INPUT, mbedtls_ccm_finish(&ctx, output, 16));
Mateusz Starzykf442de62021-08-10 13:36:43 +0200[diff] [blame]638
639exit:
David Horstmann71159f42023-01-03 12:51:59 +0000[diff] [blame^]640 mbedtls_free(output);
641 mbedtls_ccm_free(&ctx);
Mateusz Starzykf442de62021-08-10 13:36:43 +0200[diff] [blame]642}
643/* END_CASE */
644
Mateusz Starzyk8fb17542021-08-10 13:45:19 +0200[diff] [blame]645/* Provide complete auth data on first update_ad.
646 * Provide unexpected auth data on second update_ad */
Mateusz Starzykf442de62021-08-10 13:36:43 +0200[diff] [blame]647/* BEGIN_CASE */
David Horstmann71159f42023-01-03 12:51:59 +0000[diff] [blame^]648void mbedtls_ccm_full_ad_and_overflow(int cipher_id, int mode,
649 data_t *key, data_t *iv,
650 data_t *add)
Mateusz Starzykf442de62021-08-10 13:36:43 +0200[diff] [blame]651{
652 mbedtls_ccm_context ctx;
653
David Horstmann71159f42023-01-03 12:51:59 +0000[diff] [blame^]654 mbedtls_ccm_init(&ctx);
655 TEST_EQUAL(mbedtls_ccm_setkey(&ctx, cipher_id, key->x, key->len * 8), 0);
656 TEST_EQUAL(0, mbedtls_ccm_starts(&ctx, mode, iv->x, iv->len));
Mateusz Starzykf442de62021-08-10 13:36:43 +0200[diff] [blame]657 // use hardcoded values for msg length and tag length. They are not a part of this test
David Horstmann71159f42023-01-03 12:51:59 +0000[diff] [blame^]658 TEST_EQUAL(0, mbedtls_ccm_set_lengths(&ctx, add->len, 16, 16));
Mateusz Starzykf442de62021-08-10 13:36:43 +0200[diff] [blame]659
660 // pass full auth data
David Horstmann71159f42023-01-03 12:51:59 +0000[diff] [blame^]661 TEST_EQUAL(0, mbedtls_ccm_update_ad(&ctx, add->x, add->len));
Mateusz Starzykf442de62021-08-10 13:36:43 +0200[diff] [blame]662 // pass 1 extra byte
David Horstmann71159f42023-01-03 12:51:59 +0000[diff] [blame^]663 TEST_EQUAL(MBEDTLS_ERR_CCM_BAD_INPUT, mbedtls_ccm_update_ad(&ctx, add->x, 1));
Mateusz Starzykf442de62021-08-10 13:36:43 +0200[diff] [blame]664exit:
David Horstmann71159f42023-01-03 12:51:59 +0000[diff] [blame^]665 mbedtls_ccm_free(&ctx);
Mateusz Starzykf442de62021-08-10 13:36:43 +0200[diff] [blame]666}
667/* END_CASE */
668
Mateusz Starzykcd975e42021-09-02 13:25:19 +0200[diff] [blame]669/* Provide incomplete auth data on first update_ad.
670 * Provide too much auth data on second update_ad */
671/* BEGIN_CASE */
David Horstmann71159f42023-01-03 12:51:59 +0000[diff] [blame^]672void mbedtls_ccm_incomplete_ad_and_overflow(int cipher_id, int mode,
673 data_t *key, data_t *iv,
674 data_t *add)
Mateusz Starzykcd975e42021-09-02 13:25:19 +0200[diff] [blame]675{
676 mbedtls_ccm_context ctx;
Ronald Cron133740b2021-09-17 09:38:07 +0200[diff] [blame]677 uint8_t add_second_buffer[2];
Mateusz Starzykcd975e42021-09-02 13:25:19 +0200[diff] [blame]678
David Horstmann71159f42023-01-03 12:51:59 +0000[diff] [blame^]679 add_second_buffer[0] = add->x[add->len - 1];
Ronald Cron133740b2021-09-17 09:38:07 +0200[diff] [blame]680 add_second_buffer[1] = 0xAB; // some magic value
Mateusz Starzykcd975e42021-09-02 13:25:19 +0200[diff] [blame]681
David Horstmann71159f42023-01-03 12:51:59 +0000[diff] [blame^]682 mbedtls_ccm_init(&ctx);
683 TEST_EQUAL(mbedtls_ccm_setkey(&ctx, cipher_id, key->x, key->len * 8), 0);
684 TEST_EQUAL(0, mbedtls_ccm_starts(&ctx, mode, iv->x, iv->len));
Mateusz Starzykcd975e42021-09-02 13:25:19 +0200[diff] [blame]685 // use hardcoded values for msg length and tag length. They are not a part of this test
David Horstmann71159f42023-01-03 12:51:59 +0000[diff] [blame^]686 TEST_EQUAL(0, mbedtls_ccm_set_lengths(&ctx, add->len, 16, 16));
Mateusz Starzykcd975e42021-09-02 13:25:19 +0200[diff] [blame]687
688 // pass incomplete auth data
David Horstmann71159f42023-01-03 12:51:59 +0000[diff] [blame^]689 TEST_EQUAL(0, mbedtls_ccm_update_ad(&ctx, add->x, add->len - 1));
Mateusz Starzykcd975e42021-09-02 13:25:19 +0200[diff] [blame]690 // pass 2 extra bytes (1 missing byte from previous incomplete pass, and 1 unexpected byte)
David Horstmann71159f42023-01-03 12:51:59 +0000[diff] [blame^]691 TEST_EQUAL(MBEDTLS_ERR_CCM_BAD_INPUT, mbedtls_ccm_update_ad(&ctx, add_second_buffer, 2));
Mateusz Starzykcd975e42021-09-02 13:25:19 +0200[diff] [blame]692exit:
David Horstmann71159f42023-01-03 12:51:59 +0000[diff] [blame^]693 mbedtls_ccm_free(&ctx);
Mateusz Starzykcd975e42021-09-02 13:25:19 +0200[diff] [blame]694}
695/* END_CASE */
696
Mateusz Starzyk8fb17542021-08-10 13:45:19 +0200[diff] [blame]697/* Provide too much plaintext/ciphertext */
Mateusz Starzykf442de62021-08-10 13:36:43 +0200[diff] [blame]698/* BEGIN_CASE */
David Horstmann71159f42023-01-03 12:51:59 +0000[diff] [blame^]699void mbedtls_ccm_overflow_update(int cipher_id, int mode,
700 data_t *key, data_t *msg, data_t *iv,
701 data_t *add)
Mateusz Starzyk87889062021-07-29 14:08:18 +0200[diff] [blame]702{
703 mbedtls_ccm_context ctx;
704 uint8_t *output = NULL;
705 size_t olen;
706
David Horstmann71159f42023-01-03 12:51:59 +0000[diff] [blame^]707 mbedtls_ccm_init(&ctx);
708 TEST_EQUAL(mbedtls_ccm_setkey(&ctx, cipher_id, key->x, key->len * 8), 0);
709 TEST_EQUAL(0, mbedtls_ccm_starts(&ctx, mode, iv->x, iv->len));
Mateusz Starzyk87889062021-07-29 14:08:18 +0200[diff] [blame]710 // use hardcoded value for tag length. It is a not a part of this test
Mateusz Starzyk3050f052021-09-02 12:38:51 +0200[diff] [blame]711 // subtract 1 from configured msg length to provoke an overflow
David Horstmann71159f42023-01-03 12:51:59 +0000[diff] [blame^]712 TEST_EQUAL(0, mbedtls_ccm_set_lengths(&ctx, add->len, msg->len - 1, 16));
Mateusz Starzyk87889062021-07-29 14:08:18 +0200[diff] [blame]713
David Horstmann71159f42023-01-03 12:51:59 +0000[diff] [blame^]714 TEST_EQUAL(0, mbedtls_ccm_update_ad(&ctx, add->x, add->len));
Mateusz Starzyk87889062021-07-29 14:08:18 +0200[diff] [blame]715
David Horstmann71159f42023-01-03 12:51:59 +0000[diff] [blame^]716 ASSERT_ALLOC(output, msg->len);
717 TEST_EQUAL(MBEDTLS_ERR_CCM_BAD_INPUT, \
718 mbedtls_ccm_update(&ctx, msg->x, msg->len, output, msg->len, &olen));
Mateusz Starzyk87889062021-07-29 14:08:18 +0200[diff] [blame]719exit:
David Horstmann71159f42023-01-03 12:51:59 +0000[diff] [blame^]720 mbedtls_free(output);
721 mbedtls_ccm_free(&ctx);
Mateusz Starzyk87889062021-07-29 14:08:18 +0200[diff] [blame]722}
723/* END_CASE */
Mateusz Starzykf442de62021-08-10 13:36:43 +0200[diff] [blame]724
Mateusz Starzyk8fb17542021-08-10 13:45:19 +0200[diff] [blame]725/* Provide incomplete plaintext/ciphertext and finish */
Mateusz Starzykf442de62021-08-10 13:36:43 +0200[diff] [blame]726/* BEGIN_CASE */
David Horstmann71159f42023-01-03 12:51:59 +0000[diff] [blame^]727void mbedtls_ccm_incomplete_update(int cipher_id, int mode,
728 data_t *key, data_t *msg, data_t *iv,
729 data_t *add)
Mateusz Starzykf442de62021-08-10 13:36:43 +0200[diff] [blame]730{
731 mbedtls_ccm_context ctx;
732 uint8_t *output = NULL;
733 size_t olen;
734
David Horstmann71159f42023-01-03 12:51:59 +0000[diff] [blame^]735 mbedtls_ccm_init(&ctx);
736 TEST_EQUAL(mbedtls_ccm_setkey(&ctx, cipher_id, key->x, key->len * 8), 0);
737 TEST_EQUAL(0, mbedtls_ccm_starts(&ctx, mode, iv->x, iv->len));
Mateusz Starzykf442de62021-08-10 13:36:43 +0200[diff] [blame]738 // use hardcoded value for tag length. It is not a part of this test
David Horstmann71159f42023-01-03 12:51:59 +0000[diff] [blame^]739 TEST_EQUAL(0, mbedtls_ccm_set_lengths(&ctx, add->len, msg->len, 16));
Mateusz Starzykf442de62021-08-10 13:36:43 +0200[diff] [blame]740
David Horstmann71159f42023-01-03 12:51:59 +0000[diff] [blame^]741 TEST_EQUAL(0, mbedtls_ccm_update_ad(&ctx, add->x, add->len));
Mateusz Starzykf442de62021-08-10 13:36:43 +0200[diff] [blame]742
David Horstmann71159f42023-01-03 12:51:59 +0000[diff] [blame^]743 ASSERT_ALLOC(output, msg->len);
Mateusz Starzykf442de62021-08-10 13:36:43 +0200[diff] [blame]744 olen = 0xdeadbeef;
David Horstmann71159f42023-01-03 12:51:59 +0000[diff] [blame^]745 TEST_EQUAL(0, mbedtls_ccm_update(&ctx, msg->x, msg->len - 1, output, msg->len, &olen));
746 mbedtls_free(output);
Mateusz Starzykf442de62021-08-10 13:36:43 +0200[diff] [blame]747 output = NULL;
748
David Horstmann71159f42023-01-03 12:51:59 +0000[diff] [blame^]749 ASSERT_ALLOC(output, 16);
750 TEST_EQUAL(MBEDTLS_ERR_CCM_BAD_INPUT, mbedtls_ccm_finish(&ctx, output, 16));
Mateusz Starzykf442de62021-08-10 13:36:43 +0200[diff] [blame]751
752exit:
David Horstmann71159f42023-01-03 12:51:59 +0000[diff] [blame^]753 mbedtls_free(output);
754 mbedtls_ccm_free(&ctx);
Mateusz Starzykf442de62021-08-10 13:36:43 +0200[diff] [blame]755}
756/* END_CASE */
757
Mateusz Starzyk8fb17542021-08-10 13:45:19 +0200[diff] [blame]758/* Provide full plaintext/ciphertext of first update
759 * Provide unexpected plaintext/ciphertext on second update */
Mateusz Starzykf442de62021-08-10 13:36:43 +0200[diff] [blame]760/* BEGIN_CASE */
David Horstmann71159f42023-01-03 12:51:59 +0000[diff] [blame^]761void mbedtls_ccm_full_update_and_overflow(int cipher_id, int mode,
762 data_t *key, data_t *msg, data_t *iv,
763 data_t *add)
Mateusz Starzykf442de62021-08-10 13:36:43 +0200[diff] [blame]764{
765 mbedtls_ccm_context ctx;
766 uint8_t *output = NULL;
767 size_t olen;
768
David Horstmann71159f42023-01-03 12:51:59 +0000[diff] [blame^]769 mbedtls_ccm_init(&ctx);
770 TEST_EQUAL(mbedtls_ccm_setkey(&ctx, cipher_id, key->x, key->len * 8), 0);
771 TEST_EQUAL(0, mbedtls_ccm_starts(&ctx, mode, iv->x, iv->len));
Mateusz Starzykf442de62021-08-10 13:36:43 +0200[diff] [blame]772 // use hardcoded value for tag length. It is a not a part of this test
David Horstmann71159f42023-01-03 12:51:59 +0000[diff] [blame^]773 TEST_EQUAL(0, mbedtls_ccm_set_lengths(&ctx, add->len, msg->len, 16));
Mateusz Starzykf442de62021-08-10 13:36:43 +0200[diff] [blame]774
David Horstmann71159f42023-01-03 12:51:59 +0000[diff] [blame^]775 TEST_EQUAL(0, mbedtls_ccm_update_ad(&ctx, add->x, add->len));
Mateusz Starzykf442de62021-08-10 13:36:43 +0200[diff] [blame]776
David Horstmann71159f42023-01-03 12:51:59 +0000[diff] [blame^]777 ASSERT_ALLOC(output, msg->len);
Mateusz Starzykf442de62021-08-10 13:36:43 +0200[diff] [blame]778 // pass full text
David Horstmann71159f42023-01-03 12:51:59 +0000[diff] [blame^]779 TEST_EQUAL(0, mbedtls_ccm_update(&ctx, msg->x, msg->len, output, msg->len, &olen));
Mateusz Starzykf442de62021-08-10 13:36:43 +0200[diff] [blame]780 // pass 1 extra byte
David Horstmann71159f42023-01-03 12:51:59 +0000[diff] [blame^]781 TEST_EQUAL(MBEDTLS_ERR_CCM_BAD_INPUT, \
782 mbedtls_ccm_update(&ctx, msg->x, 1, output, 1, &olen));
Mateusz Starzykf442de62021-08-10 13:36:43 +0200[diff] [blame]783exit:
David Horstmann71159f42023-01-03 12:51:59 +0000[diff] [blame^]784 mbedtls_free(output);
785 mbedtls_ccm_free(&ctx);
Mateusz Starzykf442de62021-08-10 13:36:43 +0200[diff] [blame]786}
787/* END_CASE */
Mateusz Starzyke0f52272021-08-10 13:55:47 +0200[diff] [blame]788
Mateusz Starzykcd975e42021-09-02 13:25:19 +0200[diff] [blame]789/* Provide incomplete plaintext/ciphertext of first update
790 * Provide too much plaintext/ciphertext on second update */
791/* BEGIN_CASE */
David Horstmann71159f42023-01-03 12:51:59 +0000[diff] [blame^]792void mbedtls_ccm_incomplete_update_overflow(int cipher_id, int mode,
793 data_t *key, data_t *msg, data_t *iv,
794 data_t *add)
Mateusz Starzykcd975e42021-09-02 13:25:19 +0200[diff] [blame]795{
796 mbedtls_ccm_context ctx;
797 uint8_t *output = NULL;
798 size_t olen;
Ronald Cron133740b2021-09-17 09:38:07 +0200[diff] [blame]799 uint8_t msg_second_buffer[2];
Mateusz Starzykcd975e42021-09-02 13:25:19 +0200[diff] [blame]800
David Horstmann71159f42023-01-03 12:51:59 +0000[diff] [blame^]801 msg_second_buffer[0] = msg->x[msg->len - 1];
Ronald Cron133740b2021-09-17 09:38:07 +0200[diff] [blame]802 msg_second_buffer[1] = 0xAB; // some magic value
Mateusz Starzykcd975e42021-09-02 13:25:19 +0200[diff] [blame]803
David Horstmann71159f42023-01-03 12:51:59 +0000[diff] [blame^]804 mbedtls_ccm_init(&ctx);
805 TEST_EQUAL(mbedtls_ccm_setkey(&ctx, cipher_id, key->x, key->len * 8), 0);
806 TEST_EQUAL(0, mbedtls_ccm_starts(&ctx, mode, iv->x, iv->len));
Mateusz Starzykcd975e42021-09-02 13:25:19 +0200[diff] [blame]807 // use hardcoded value for tag length. It is a not a part of this test
David Horstmann71159f42023-01-03 12:51:59 +0000[diff] [blame^]808 TEST_EQUAL(0, mbedtls_ccm_set_lengths(&ctx, add->len, msg->len, 16));
Mateusz Starzykcd975e42021-09-02 13:25:19 +0200[diff] [blame]809
David Horstmann71159f42023-01-03 12:51:59 +0000[diff] [blame^]810 TEST_EQUAL(0, mbedtls_ccm_update_ad(&ctx, add->x, add->len));
Mateusz Starzykcd975e42021-09-02 13:25:19 +0200[diff] [blame]811
David Horstmann71159f42023-01-03 12:51:59 +0000[diff] [blame^]812 ASSERT_ALLOC(output, msg->len + 1);
Mateusz Starzykcd975e42021-09-02 13:25:19 +0200[diff] [blame]813 // pass incomplete text
David Horstmann71159f42023-01-03 12:51:59 +0000[diff] [blame^]814 TEST_EQUAL(0, mbedtls_ccm_update(&ctx, msg->x, msg->len - 1, output, msg->len + 1, &olen));
Mateusz Starzykcd975e42021-09-02 13:25:19 +0200[diff] [blame]815 // pass 2 extra bytes (1 missing byte from previous incomplete pass, and 1 unexpected byte)
David Horstmann71159f42023-01-03 12:51:59 +0000[diff] [blame^]816 TEST_EQUAL(MBEDTLS_ERR_CCM_BAD_INPUT, \
817 mbedtls_ccm_update(&ctx, msg_second_buffer, 2, output + msg->len - 1, 2, &olen));
Mateusz Starzykcd975e42021-09-02 13:25:19 +0200[diff] [blame]818exit:
David Horstmann71159f42023-01-03 12:51:59 +0000[diff] [blame^]819 mbedtls_free(output);
820 mbedtls_ccm_free(&ctx);
Mateusz Starzykcd975e42021-09-02 13:25:19 +0200[diff] [blame]821}
822/* END_CASE */
823
Mateusz Starzyke0f52272021-08-10 13:55:47 +0200[diff] [blame]824/* Finish without passing any auth data or plaintext/ciphertext input */
825/* BEGIN_CASE */
David Horstmann71159f42023-01-03 12:51:59 +0000[diff] [blame^]826void mbedtls_ccm_instant_finish(int cipher_id, int mode,
827 data_t *key, data_t *iv)
Mateusz Starzyke0f52272021-08-10 13:55:47 +0200[diff] [blame]828{
829 mbedtls_ccm_context ctx;
830 uint8_t *output = NULL;
831
David Horstmann71159f42023-01-03 12:51:59 +0000[diff] [blame^]832 mbedtls_ccm_init(&ctx);
833 TEST_EQUAL(mbedtls_ccm_setkey(&ctx, cipher_id, key->x, key->len * 8), 0);
834 TEST_EQUAL(0, mbedtls_ccm_starts(&ctx, mode, iv->x, iv->len));
Mateusz Starzyke0f52272021-08-10 13:55:47 +0200[diff] [blame]835 // use hardcoded values for add length, msg length and tag length.
836 // They are not a part of this test
David Horstmann71159f42023-01-03 12:51:59 +0000[diff] [blame^]837 TEST_EQUAL(0, mbedtls_ccm_set_lengths(&ctx, 16, 16, 16));
Mateusz Starzyke0f52272021-08-10 13:55:47 +0200[diff] [blame]838
David Horstmann71159f42023-01-03 12:51:59 +0000[diff] [blame^]839 ASSERT_ALLOC(output, 16);
840 TEST_EQUAL(MBEDTLS_ERR_CCM_BAD_INPUT, mbedtls_ccm_finish(&ctx, output, 16));
Mateusz Starzyke0f52272021-08-10 13:55:47 +0200[diff] [blame]841
842exit:
David Horstmann71159f42023-01-03 12:51:59 +0000[diff] [blame^]843 mbedtls_free(output);
844 mbedtls_ccm_free(&ctx);
Mateusz Starzyke0f52272021-08-10 13:55:47 +0200[diff] [blame]845}
846/* END_CASE */