TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-tls.git / HEAD / . / tests / suites / test_suite_ccm.function
blob: 798be7701393e5f9a69ce3ee50d97ba9e9e5e7f2 [file] [log] [blame]
Manuel Pégourié-Gonnarda6916fa2014-05-02 15:17:29 +0200[diff] [blame]1/* BEGIN_HEADER */
Manuel Pégourié-Gonnard7f809972015-03-09 17:05:11 +0000[diff] [blame]2#include "mbedtls/ccm.h"
Mateusz Starzyk25a3dfe2021-07-12 14:53:45 +0200[diff] [blame]3
4/* Use the multipart interface to process the encrypted data in two parts
5 * and check that the output matches the expected output.
6 * The context must have been set up with the key. */
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]7static int check_multipart(mbedtls_ccm_context *ctx,
8 int mode,
9 const data_t *iv,
10 const data_t *add,
11 const data_t *input,
12 const data_t *expected_output,
13 const data_t *tag,
14 size_t n1,
15 size_t n1_add)
Mateusz Starzyk25a3dfe2021-07-12 14:53:45 +0200[diff] [blame]16{
17 int ok = 0;
18 uint8_t *output = NULL;
19 size_t n2 = input->len - n1;
20 size_t n2_add = add->len - n1_add;
21 size_t olen;
22
23 /* Sanity checks on the test data */
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]24 TEST_ASSERT(n1 <= input->len);
25 TEST_ASSERT(n1_add <= add->len);
26 TEST_EQUAL(input->len, expected_output->len);
27 TEST_EQUAL(0, mbedtls_ccm_starts(ctx, mode, iv->x, iv->len));
28 TEST_EQUAL(0, mbedtls_ccm_set_lengths(ctx, add->len, input->len, tag->len));
29 TEST_EQUAL(0, mbedtls_ccm_update_ad(ctx, add->x, n1_add));
30 TEST_EQUAL(0, mbedtls_ccm_update_ad(ctx, add->x + n1_add, n2_add));
Mateusz Starzyk25a3dfe2021-07-12 14:53:45 +0200[diff] [blame]31
32 /* Allocate a tight buffer for each update call. This way, if the function
33 * tries to write beyond the advertised required buffer size, this will
34 * count as an overflow for memory sanitizers and static checkers. */
Tom Cosgrove05b2a872023-07-21 11:31:13 +0100[diff] [blame]35 TEST_CALLOC(output, n1);
Mateusz Starzyk25a3dfe2021-07-12 14:53:45 +0200[diff] [blame]36 olen = 0xdeadbeef;
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]37 TEST_EQUAL(0, mbedtls_ccm_update(ctx, input->x, n1, output, n1, &olen));
38 TEST_EQUAL(n1, olen);
Tom Cosgrovee4e9e7d2023-07-21 11:40:20 +0100[diff] [blame]39 TEST_MEMORY_COMPARE(output, olen, expected_output->x, n1);
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]40 mbedtls_free(output);
Mateusz Starzyk25a3dfe2021-07-12 14:53:45 +0200[diff] [blame]41 output = NULL;
42
Tom Cosgrove05b2a872023-07-21 11:31:13 +0100[diff] [blame]43 TEST_CALLOC(output, n2);
Mateusz Starzyk25a3dfe2021-07-12 14:53:45 +0200[diff] [blame]44 olen = 0xdeadbeef;
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]45 TEST_EQUAL(0, mbedtls_ccm_update(ctx, input->x + n1, n2, output, n2, &olen));
46 TEST_EQUAL(n2, olen);
Tom Cosgrovee4e9e7d2023-07-21 11:40:20 +0100[diff] [blame]47 TEST_MEMORY_COMPARE(output, olen, expected_output->x + n1, n2);
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]48 mbedtls_free(output);
Mateusz Starzyk25a3dfe2021-07-12 14:53:45 +0200[diff] [blame]49 output = NULL;
50
Tom Cosgrove05b2a872023-07-21 11:31:13 +0100[diff] [blame]51 TEST_CALLOC(output, tag->len);
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]52 TEST_EQUAL(0, mbedtls_ccm_finish(ctx, output, tag->len));
Tom Cosgrovee4e9e7d2023-07-21 11:40:20 +0100[diff] [blame]53 TEST_MEMORY_COMPARE(output, tag->len, tag->x, tag->len);
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]54 mbedtls_free(output);
Mateusz Starzyk25a3dfe2021-07-12 14:53:45 +0200[diff] [blame]55 output = NULL;
56
57 ok = 1;
58exit:
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]59 mbedtls_free(output);
60 return ok;
Mateusz Starzyk25a3dfe2021-07-12 14:53:45 +0200[diff] [blame]61}
Manuel Pégourié-Gonnarda6916fa2014-05-02 15:17:29 +0200[diff] [blame]62/* END_HEADER */
63
64/* BEGIN_DEPENDENCIES
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]65 * depends_on:MBEDTLS_CCM_C
Manuel Pégourié-Gonnarda6916fa2014-05-02 15:17:29 +0200[diff] [blame]66 * END_DEPENDENCIES
67 */
68
Valerio Setti689c0f72023-12-20 09:53:39 +0100[diff] [blame]69/* BEGIN_CASE depends_on:MBEDTLS_SELF_TEST:MBEDTLS_CCM_GCM_CAN_AES */
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]70void mbedtls_ccm_self_test()
Manuel Pégourié-Gonnarda6916fa2014-05-02 15:17:29 +0200[diff] [blame]71{
Valerio Setti10e9aa22023-12-12 11:54:20 +0100[diff] [blame]72 BLOCK_CIPHER_PSA_INIT();
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]73 TEST_ASSERT(mbedtls_ccm_self_test(1) == 0);
Valerio Setti10e9aa22023-12-12 11:54:20 +0100[diff] [blame]74 BLOCK_CIPHER_PSA_DONE();
Manuel Pégourié-Gonnarda6916fa2014-05-02 15:17:29 +0200[diff] [blame]75}
76/* END_CASE */
Manuel Pégourié-Gonnard9fe0d132014-05-06 12:12:45 +0200[diff] [blame]77
78/* BEGIN_CASE */
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]79void mbedtls_ccm_setkey(int cipher_id, int key_size, int result)
Manuel Pégourié-Gonnard9fe0d132014-05-06 12:12:45 +0200[diff] [blame]80{
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]81 mbedtls_ccm_context ctx;
Gilles Peskineefe30762024-10-07 11:11:32 +0200[diff] [blame]82 mbedtls_ccm_init(&ctx);
Manuel Pégourié-Gonnard9fe0d132014-05-06 12:12:45 +0200[diff] [blame]83 unsigned char key[32];
84 int ret;
85
Valerio Setti45c84fe2023-12-20 09:54:39 +0100[diff] [blame]86 BLOCK_CIPHER_PSA_INIT();
Manuel Pégourié-Gonnard6963ff02015-04-28 18:02:54 +0200[diff] [blame]87
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]88 memset(key, 0x2A, sizeof(key));
89 TEST_ASSERT((unsigned) key_size <= 8 * sizeof(key));
Manuel Pégourié-Gonnard9fe0d132014-05-06 12:12:45 +0200[diff] [blame]90
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]91 ret = mbedtls_ccm_setkey(&ctx, cipher_id, key, key_size);
92 TEST_ASSERT(ret == result);
Manuel Pégourié-Gonnard9fe0d132014-05-06 12:12:45 +0200[diff] [blame]93
Paul Bakkerbd51b262014-07-10 15:26:12 +0200[diff] [blame]94exit:
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]95 mbedtls_ccm_free(&ctx);
Valerio Setti45c84fe2023-12-20 09:54:39 +0100[diff] [blame]96 BLOCK_CIPHER_PSA_DONE();
Manuel Pégourié-Gonnard9fe0d132014-05-06 12:12:45 +0200[diff] [blame]97}
98/* END_CASE */
Manuel Pégourié-Gonnard637eb3d2014-05-06 12:13:09 +0200[diff] [blame]99
Valerio Setti689c0f72023-12-20 09:53:39 +0100[diff] [blame]100/* BEGIN_CASE depends_on:MBEDTLS_CCM_GCM_CAN_AES */
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]101void ccm_lengths(int msg_len, int iv_len, int add_len, int tag_len, int res)
Manuel Pégourié-Gonnard87df5ba2014-05-06 18:07:24 +0200[diff] [blame]102{
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]103 mbedtls_ccm_context ctx;
Gilles Peskineefe30762024-10-07 11:11:32 +0200[diff] [blame]104 mbedtls_ccm_init(&ctx);
Manuel Pégourié-Gonnard87df5ba2014-05-06 18:07:24 +0200[diff] [blame]105 unsigned char key[16];
106 unsigned char msg[10];
107 unsigned char iv[14];
Dave Rodgman2e680342020-10-15 14:00:40 +0100[diff] [blame]108 unsigned char *add = NULL;
Manuel Pégourié-Gonnard87df5ba2014-05-06 18:07:24 +0200[diff] [blame]109 unsigned char out[10];
110 unsigned char tag[18];
111 int decrypt_ret;
112
Valerio Setti10e9aa22023-12-12 11:54:20 +0100[diff] [blame]113 BLOCK_CIPHER_PSA_INIT();
Manuel Pégourié-Gonnard6963ff02015-04-28 18:02:54 +0200[diff] [blame]114
Tom Cosgrove412a8132023-07-20 16:55:14 +0100[diff] [blame]115 TEST_CALLOC_OR_SKIP(add, add_len);
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]116 memset(key, 0, sizeof(key));
117 memset(msg, 0, sizeof(msg));
118 memset(iv, 0, sizeof(iv));
119 memset(out, 0, sizeof(out));
120 memset(tag, 0, sizeof(tag));
Manuel Pégourié-Gonnard87df5ba2014-05-06 18:07:24 +0200[diff] [blame]121
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]122 TEST_ASSERT(mbedtls_ccm_setkey(&ctx, MBEDTLS_CIPHER_ID_AES,
123 key, 8 * sizeof(key)) == 0);
Manuel Pégourié-Gonnard87df5ba2014-05-06 18:07:24 +0200[diff] [blame]124
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]125 TEST_ASSERT(mbedtls_ccm_encrypt_and_tag(&ctx, msg_len, iv, iv_len, add, add_len,
126 msg, out, tag, tag_len) == res);
Manuel Pégourié-Gonnard87df5ba2014-05-06 18:07:24 +0200[diff] [blame]127
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]128 decrypt_ret = mbedtls_ccm_auth_decrypt(&ctx, msg_len, iv, iv_len, add, add_len,
129 msg, out, tag, tag_len);
Manuel Pégourié-Gonnard87df5ba2014-05-06 18:07:24 +0200[diff] [blame]130
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]131 if (res == 0) {
132 TEST_ASSERT(decrypt_ret == MBEDTLS_ERR_CCM_AUTH_FAILED);
133 } else {
134 TEST_ASSERT(decrypt_ret == res);
135 }
Manuel Pégourié-Gonnard87df5ba2014-05-06 18:07:24 +0200[diff] [blame]136
Paul Bakkerbd51b262014-07-10 15:26:12 +0200[diff] [blame]137exit:
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]138 mbedtls_free(add);
139 mbedtls_ccm_free(&ctx);
Valerio Setti10e9aa22023-12-12 11:54:20 +0100[diff] [blame]140 BLOCK_CIPHER_PSA_DONE();
Manuel Pégourié-Gonnard87df5ba2014-05-06 18:07:24 +0200[diff] [blame]141}
142/* END_CASE */
143
Valerio Setti45c84fe2023-12-20 09:54:39 +0100[diff] [blame]144/* BEGIN_CASE depends_on:MBEDTLS_CCM_GCM_CAN_AES */
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]145void ccm_star_lengths(int msg_len, int iv_len, int add_len, int tag_len,
146 int res)
Janos Follath95ab93d2018-05-14 14:32:41 +0100[diff] [blame]147{
148 mbedtls_ccm_context ctx;
Gilles Peskineefe30762024-10-07 11:11:32 +0200[diff] [blame]149 mbedtls_ccm_init(&ctx);
Janos Follath95ab93d2018-05-14 14:32:41 +0100[diff] [blame]150 unsigned char key[16];
151 unsigned char msg[10];
152 unsigned char iv[14];
153 unsigned char add[10];
154 unsigned char out[10];
155 unsigned char tag[18];
156 int decrypt_ret;
157
Valerio Setti10e9aa22023-12-12 11:54:20 +0100[diff] [blame]158 BLOCK_CIPHER_PSA_INIT();
Janos Follath95ab93d2018-05-14 14:32:41 +0100[diff] [blame]159
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]160 memset(key, 0, sizeof(key));
161 memset(msg, 0, sizeof(msg));
162 memset(iv, 0, sizeof(iv));
163 memset(add, 0, sizeof(add));
164 memset(out, 0, sizeof(out));
165 memset(tag, 0, sizeof(tag));
Janos Follath95ab93d2018-05-14 14:32:41 +0100[diff] [blame]166
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]167 TEST_ASSERT(mbedtls_ccm_setkey(&ctx, MBEDTLS_CIPHER_ID_AES,
168 key, 8 * sizeof(key)) == 0);
Janos Follath95ab93d2018-05-14 14:32:41 +0100[diff] [blame]169
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]170 TEST_ASSERT(mbedtls_ccm_star_encrypt_and_tag(&ctx, msg_len, iv, iv_len,
171 add, add_len, msg, out, tag, tag_len) == res);
Janos Follath95ab93d2018-05-14 14:32:41 +0100[diff] [blame]172
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]173 decrypt_ret = mbedtls_ccm_star_auth_decrypt(&ctx, msg_len, iv, iv_len, add,
174 add_len, msg, out, tag, tag_len);
Janos Follath95ab93d2018-05-14 14:32:41 +0100[diff] [blame]175
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]176 if (res == 0 && tag_len != 0) {
177 TEST_ASSERT(decrypt_ret == MBEDTLS_ERR_CCM_AUTH_FAILED);
178 } else {
179 TEST_ASSERT(decrypt_ret == res);
180 }
Janos Follath95ab93d2018-05-14 14:32:41 +0100[diff] [blame]181
182exit:
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]183 mbedtls_ccm_free(&ctx);
Valerio Setti10e9aa22023-12-12 11:54:20 +0100[diff] [blame]184 BLOCK_CIPHER_PSA_DONE();
Janos Follath95ab93d2018-05-14 14:32:41 +0100[diff] [blame]185}
186/* END_CASE */
187
Manuel Pégourié-Gonnard637eb3d2014-05-06 12:13:09 +0200[diff] [blame]188/* BEGIN_CASE */
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]189void mbedtls_ccm_encrypt_and_tag(int cipher_id, data_t *key,
190 data_t *msg, data_t *iv,
191 data_t *add, data_t *result)
Manuel Pégourié-Gonnard637eb3d2014-05-06 12:13:09 +0200[diff] [blame]192{
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]193 mbedtls_ccm_context ctx;
Gilles Peskineefe30762024-10-07 11:11:32 +0200[diff] [blame]194 mbedtls_ccm_init(&ctx);
Mateusz Starzyk25a3dfe2021-07-12 14:53:45 +0200[diff] [blame]195 size_t n1, n1_add;
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]196 uint8_t *io_msg_buf = NULL;
197 uint8_t *tag_buf = NULL;
Mateusz Starzyk27a1bef2021-07-13 15:33:19 +0200[diff] [blame]198 const size_t expected_tag_len = result->len - msg->len;
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]199 const uint8_t *expected_tag = result->x + msg->len;
Mateusz Starzyk27a1bef2021-07-13 15:33:19 +0200[diff] [blame]200
201 /* Prepare input/output message buffer */
Tom Cosgrove05b2a872023-07-21 11:31:13 +0100[diff] [blame]202 TEST_CALLOC(io_msg_buf, msg->len);
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]203 if (msg->len != 0) {
204 memcpy(io_msg_buf, msg->x, msg->len);
205 }
Mateusz Starzyk27a1bef2021-07-13 15:33:19 +0200[diff] [blame]206
207 /* Prepare tag buffer */
Tom Cosgrove05b2a872023-07-21 11:31:13 +0100[diff] [blame]208 TEST_CALLOC(tag_buf, expected_tag_len);
Manuel Pégourié-Gonnard637eb3d2014-05-06 12:13:09 +0200[diff] [blame]209
Valerio Setti10e9aa22023-12-12 11:54:20 +0100[diff] [blame]210 BLOCK_CIPHER_PSA_INIT();
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]211 TEST_EQUAL(mbedtls_ccm_setkey(&ctx, cipher_id, key->x, key->len * 8), 0);
Manuel Pégourié-Gonnard0f6b66d2014-05-07 14:43:46 +0200[diff] [blame]212 /* Test with input == output */
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]213 TEST_EQUAL(mbedtls_ccm_encrypt_and_tag(&ctx, msg->len, iv->x, iv->len, add->x, add->len,
214 io_msg_buf, io_msg_buf, tag_buf, expected_tag_len), 0);
Manuel Pégourié-Gonnard637eb3d2014-05-06 12:13:09 +0200[diff] [blame]215
Tom Cosgrovee4e9e7d2023-07-21 11:40:20 +0100[diff] [blame]216 TEST_MEMORY_COMPARE(io_msg_buf, msg->len, result->x, msg->len);
217 TEST_MEMORY_COMPARE(tag_buf, expected_tag_len, expected_tag, expected_tag_len);
Manuel Pégourié-Gonnard637eb3d2014-05-06 12:13:09 +0200[diff] [blame]218
Mateusz Starzykceb5bc62021-07-30 14:36:22 +0200[diff] [blame]219 /* Prepare data_t structures for multipart testing */
Mateusz Starzyk25a3dfe2021-07-12 14:53:45 +0200[diff] [blame]220 const data_t encrypted_expected = { .x = result->x,
221 .len = msg->len };
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]222 const data_t tag_expected = { .x = (uint8_t *) expected_tag, /* cast to conform with data_t x type */
Mateusz Starzyk27a1bef2021-07-13 15:33:19 +0200[diff] [blame]223 .len = expected_tag_len };
Mateusz Starzyk25a3dfe2021-07-12 14:53:45 +0200[diff] [blame]224
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]225 for (n1 = 0; n1 <= msg->len; n1 += 1) {
226 for (n1_add = 0; n1_add <= add->len; n1_add += 1) {
227 mbedtls_test_set_step(n1 * 10000 + n1_add);
228 if (!check_multipart(&ctx, MBEDTLS_CCM_ENCRYPT,
229 iv, add, msg,
230 &encrypted_expected,
231 &tag_expected,
232 n1, n1_add)) {
Mateusz Starzyk25a3dfe2021-07-12 14:53:45 +0200[diff] [blame]233 goto exit;
Mateusz Starzyk29ec75b2021-07-13 12:26:17 +0200[diff] [blame]234 }
235 }
236 }
237
Darryl Green0daf4ca2018-05-29 14:12:26 +0100[diff] [blame]238exit:
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]239 mbedtls_ccm_free(&ctx);
240 mbedtls_free(io_msg_buf);
241 mbedtls_free(tag_buf);
Valerio Setti10e9aa22023-12-12 11:54:20 +0100[diff] [blame]242 BLOCK_CIPHER_PSA_DONE();
Darryl Green0daf4ca2018-05-29 14:12:26 +0100[diff] [blame]243}
244/* END_CASE */
245
246/* BEGIN_CASE */
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]247void mbedtls_ccm_star_no_tag(int cipher_id, int mode, data_t *key,
248 data_t *msg, data_t *iv, data_t *result)
249{
250 mbedtls_ccm_context ctx;
Gilles Peskineefe30762024-10-07 11:11:32 +0200[diff] [blame]251 mbedtls_ccm_init(&ctx);
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]252 uint8_t *output = NULL;
253 size_t olen;
254
Valerio Setti10e9aa22023-12-12 11:54:20 +0100[diff] [blame]255 BLOCK_CIPHER_PSA_INIT();
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]256 TEST_EQUAL(mbedtls_ccm_setkey(&ctx, cipher_id, key->x, key->len * 8), 0);
257 TEST_EQUAL(0, mbedtls_ccm_starts(&ctx, mode, iv->x, iv->len));
258 TEST_EQUAL(0, mbedtls_ccm_set_lengths(&ctx, 0, msg->len, 0));
259
Tom Cosgrove05b2a872023-07-21 11:31:13 +0100[diff] [blame]260 TEST_CALLOC(output, msg->len);
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]261 TEST_EQUAL(0, mbedtls_ccm_update(&ctx, msg->x, msg->len, output, msg->len, &olen));
262 TEST_EQUAL(result->len, olen);
Tom Cosgrovee4e9e7d2023-07-21 11:40:20 +0100[diff] [blame]263 TEST_MEMORY_COMPARE(output, olen, result->x, result->len);
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]264
265 TEST_EQUAL(0, mbedtls_ccm_finish(&ctx, NULL, 0));
266exit:
267 mbedtls_free(output);
268 mbedtls_ccm_free(&ctx);
Valerio Setti10e9aa22023-12-12 11:54:20 +0100[diff] [blame]269 BLOCK_CIPHER_PSA_DONE();
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]270}
271/* END_CASE */
272
273/* BEGIN_CASE */
274void mbedtls_ccm_auth_decrypt(int cipher_id, data_t *key,
275 data_t *msg, data_t *iv,
276 data_t *add, int expected_tag_len, int result,
277 data_t *expected_msg)
278{
279 mbedtls_ccm_context ctx;
Gilles Peskineefe30762024-10-07 11:11:32 +0200[diff] [blame]280 mbedtls_ccm_init(&ctx);
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]281 size_t n1, n1_add;
282
283 const size_t expected_msg_len = msg->len - expected_tag_len;
284 const uint8_t *expected_tag = msg->x + expected_msg_len;
285
286 /* Prepare input/output message buffer */
287 uint8_t *io_msg_buf = NULL;
Tom Cosgrove05b2a872023-07-21 11:31:13 +0100[diff] [blame]288 TEST_CALLOC(io_msg_buf, expected_msg_len);
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]289 if (expected_msg_len) {
290 memcpy(io_msg_buf, msg->x, expected_msg_len);
291 }
292
Valerio Setti10e9aa22023-12-12 11:54:20 +0100[diff] [blame]293 BLOCK_CIPHER_PSA_INIT();
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]294 TEST_EQUAL(mbedtls_ccm_setkey(&ctx, cipher_id, key->x, key->len * 8), 0);
295 /* Test with input == output */
296 TEST_EQUAL(mbedtls_ccm_auth_decrypt(&ctx, expected_msg_len, iv->x, iv->len, add->x, add->len,
297 io_msg_buf, io_msg_buf, expected_tag, expected_tag_len),
298 result);
299
300 if (result == 0) {
Tom Cosgrovee4e9e7d2023-07-21 11:40:20 +0100[diff] [blame]301 TEST_MEMORY_COMPARE(io_msg_buf, expected_msg_len, expected_msg->x, expected_msg_len);
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]302
303 /* Prepare data_t structures for multipart testing */
304 const data_t encrypted = { .x = msg->x,
305 .len = expected_msg_len };
306
307 const data_t tag_expected = { .x = (uint8_t *) expected_tag,
308 .len = expected_tag_len };
309
310 for (n1 = 0; n1 <= expected_msg_len; n1 += 1) {
311 for (n1_add = 0; n1_add <= add->len; n1_add += 1) {
312 mbedtls_test_set_step(n1 * 10000 + n1_add);
313 if (!check_multipart(&ctx, MBEDTLS_CCM_DECRYPT,
314 iv, add, &encrypted,
315 expected_msg,
316 &tag_expected,
317 n1, n1_add)) {
318 goto exit;
319 }
320 }
321 }
322 } else {
323 size_t i;
324
325 for (i = 0; i < expected_msg_len; i++) {
326 TEST_EQUAL(io_msg_buf[i], 0);
327 }
328 }
329
330exit:
331 mbedtls_free(io_msg_buf);
332 mbedtls_ccm_free(&ctx);
Valerio Setti10e9aa22023-12-12 11:54:20 +0100[diff] [blame]333 BLOCK_CIPHER_PSA_DONE();
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]334}
335/* END_CASE */
336
337/* BEGIN_CASE */
338void mbedtls_ccm_star_encrypt_and_tag(int cipher_id,
339 data_t *key, data_t *msg,
340 data_t *source_address, data_t *frame_counter,
341 int sec_level, data_t *add,
342 data_t *expected_result, int output_ret)
343{
344 unsigned char iv[13];
345 mbedtls_ccm_context ctx;
Gilles Peskineefe30762024-10-07 11:11:32 +0200[diff] [blame]346 mbedtls_ccm_init(&ctx);
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]347 size_t iv_len, expected_tag_len;
348 size_t n1, n1_add;
349 uint8_t *io_msg_buf = NULL;
350 uint8_t *tag_buf = NULL;
351
352 const uint8_t *expected_tag = expected_result->x + msg->len;
353
354 /* Calculate tag length */
355 if (sec_level % 4 == 0) {
356 expected_tag_len = 0;
357 } else {
358 expected_tag_len = 1 << (sec_level % 4 + 1);
359 }
360
361 /* Prepare input/output message buffer */
Tom Cosgrove05b2a872023-07-21 11:31:13 +0100[diff] [blame]362 TEST_CALLOC(io_msg_buf, msg->len);
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]363 if (msg->len) {
364 memcpy(io_msg_buf, msg->x, msg->len);
365 }
366
367 /* Prepare tag buffer */
368 if (expected_tag_len == 0) {
Tom Cosgrove05b2a872023-07-21 11:31:13 +0100[diff] [blame]369 TEST_CALLOC(tag_buf, 16);
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]370 } else {
Tom Cosgrove05b2a872023-07-21 11:31:13 +0100[diff] [blame]371 TEST_CALLOC(tag_buf, expected_tag_len);
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]372 }
373
374 /* Calculate iv */
375 TEST_ASSERT(source_address->len == 8);
376 TEST_ASSERT(frame_counter->len == 4);
377 memcpy(iv, source_address->x, source_address->len);
378 memcpy(iv + source_address->len, frame_counter->x, frame_counter->len);
379 iv[source_address->len + frame_counter->len] = sec_level;
380 iv_len = sizeof(iv);
381
Valerio Setti10e9aa22023-12-12 11:54:20 +0100[diff] [blame]382 BLOCK_CIPHER_PSA_INIT();
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]383 TEST_EQUAL(mbedtls_ccm_setkey(&ctx, cipher_id,
384 key->x, key->len * 8), 0);
385 /* Test with input == output */
386 TEST_EQUAL(mbedtls_ccm_star_encrypt_and_tag(&ctx, msg->len, iv, iv_len,
387 add->x, add->len, io_msg_buf,
388 io_msg_buf, tag_buf, expected_tag_len), output_ret);
389
Tom Cosgrovee4e9e7d2023-07-21 11:40:20 +0100[diff] [blame]390 TEST_MEMORY_COMPARE(io_msg_buf, msg->len, expected_result->x, msg->len);
391 TEST_MEMORY_COMPARE(tag_buf, expected_tag_len, expected_tag, expected_tag_len);
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]392
393 if (output_ret == 0) {
394 const data_t iv_data = { .x = iv,
395 .len = iv_len };
396
397 const data_t encrypted_expected = { .x = expected_result->x,
398 .len = msg->len };
399 const data_t tag_expected = { .x = (uint8_t *) expected_tag,
400 .len = expected_tag_len };
401
402 for (n1 = 0; n1 <= msg->len; n1 += 1) {
403 for (n1_add = 0; n1_add <= add->len; n1_add += 1) {
404 mbedtls_test_set_step(n1 * 10000 + n1_add);
405 if (!check_multipart(&ctx, MBEDTLS_CCM_STAR_ENCRYPT,
406 &iv_data, add, msg,
407 &encrypted_expected,
408 &tag_expected,
409 n1, n1_add)) {
410 goto exit;
411 }
412 }
413 }
414 }
415
416exit:
417 mbedtls_ccm_free(&ctx);
418 mbedtls_free(io_msg_buf);
419 mbedtls_free(tag_buf);
Valerio Setti10e9aa22023-12-12 11:54:20 +0100[diff] [blame]420 BLOCK_CIPHER_PSA_DONE();
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]421}
422/* END_CASE */
423
424/* BEGIN_CASE */
425void mbedtls_ccm_star_auth_decrypt(int cipher_id,
426 data_t *key, data_t *msg,
427 data_t *source_address, data_t *frame_counter,
428 int sec_level, data_t *add,
429 data_t *expected_result, int output_ret)
Darryl Green0daf4ca2018-05-29 14:12:26 +0100[diff] [blame]430{
Darryl Green0daf4ca2018-05-29 14:12:26 +0100[diff] [blame]431 unsigned char iv[13];
Darryl Green0daf4ca2018-05-29 14:12:26 +0100[diff] [blame]432 mbedtls_ccm_context ctx;
Gilles Peskineefe30762024-10-07 11:11:32 +0200[diff] [blame]433 mbedtls_ccm_init(&ctx);
Mateusz Starzyk27a1bef2021-07-13 15:33:19 +0200[diff] [blame]434 size_t iv_len, expected_tag_len;
Mateusz Starzyk29ec75b2021-07-13 12:26:17 +0200[diff] [blame]435 size_t n1, n1_add;
Darryl Green0daf4ca2018-05-29 14:12:26 +0100[diff] [blame]436
Mateusz Starzyk27a1bef2021-07-13 15:33:19 +0200[diff] [blame]437 /* Calculate tag length */
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]438 if (sec_level % 4 == 0) {
Mateusz Starzyk27a1bef2021-07-13 15:33:19 +0200[diff] [blame]439 expected_tag_len = 0;
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]440 } else {
441 expected_tag_len = 1 << (sec_level % 4 + 1);
442 }
Darryl Green0daf4ca2018-05-29 14:12:26 +0100[diff] [blame]443
Mateusz Starzyk27a1bef2021-07-13 15:33:19 +0200[diff] [blame]444 const size_t expected_msg_len = msg->len - expected_tag_len;
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]445 const uint8_t *expected_tag = msg->x + expected_msg_len;
Mateusz Starzyk27a1bef2021-07-13 15:33:19 +0200[diff] [blame]446
447 /* Prepare input/output message buffer */
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]448 uint8_t *io_msg_buf = NULL;
Tom Cosgrove05b2a872023-07-21 11:31:13 +0100[diff] [blame]449 TEST_CALLOC(io_msg_buf, expected_msg_len);
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]450 if (expected_msg_len) {
451 memcpy(io_msg_buf, msg->x, expected_msg_len);
452 }
Mateusz Starzyk27a1bef2021-07-13 15:33:19 +0200[diff] [blame]453
454 /* Calculate iv */
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]455 memset(iv, 0x00, sizeof(iv));
456 TEST_ASSERT(source_address->len == 8);
457 TEST_ASSERT(frame_counter->len == 4);
458 memcpy(iv, source_address->x, source_address->len);
459 memcpy(iv + source_address->len, frame_counter->x, frame_counter->len);
Ronald Cron9ed40732020-06-25 09:03:34 +0200[diff] [blame]460 iv[source_address->len + frame_counter->len] = sec_level;
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]461 iv_len = sizeof(iv);
Darryl Green0daf4ca2018-05-29 14:12:26 +0100[diff] [blame]462
Valerio Setti10e9aa22023-12-12 11:54:20 +0100[diff] [blame]463 BLOCK_CIPHER_PSA_INIT();
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]464 TEST_ASSERT(mbedtls_ccm_setkey(&ctx, cipher_id, key->x, key->len * 8) == 0);
Mateusz Starzyk27a1bef2021-07-13 15:33:19 +0200[diff] [blame]465 /* Test with input == output */
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]466 TEST_EQUAL(mbedtls_ccm_star_auth_decrypt(&ctx, expected_msg_len, iv, iv_len,
467 add->x, add->len, io_msg_buf, io_msg_buf,
468 expected_tag, expected_tag_len), output_ret);
Darryl Green0daf4ca2018-05-29 14:12:26 +0100[diff] [blame]469
Tom Cosgrovee4e9e7d2023-07-21 11:40:20 +0100[diff] [blame]470 TEST_MEMORY_COMPARE(io_msg_buf, expected_msg_len, expected_result->x, expected_msg_len);
Darryl Green0daf4ca2018-05-29 14:12:26 +0100[diff] [blame]471
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]472 if (output_ret == 0) {
Mateusz Starzyk29ec75b2021-07-13 12:26:17 +0200[diff] [blame]473 const data_t iv_data = { .x = iv,
474 .len = iv_len };
475
Mateusz Starzyk27a1bef2021-07-13 15:33:19 +0200[diff] [blame]476 const data_t encrypted = { .x = msg->x,
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]477 .len = expected_msg_len };
Mateusz Starzyk29ec75b2021-07-13 12:26:17 +0200[diff] [blame]478
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]479 const data_t tag_expected = { .x = (uint8_t *) expected_tag,
Mateusz Starzyk27a1bef2021-07-13 15:33:19 +0200[diff] [blame]480 .len = expected_tag_len };
481
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]482 for (n1 = 0; n1 <= expected_msg_len; n1 += 1) {
483 for (n1_add = 0; n1_add <= add->len; n1_add += 1) {
484 mbedtls_test_set_step(n1 * 10000 + n1_add);
485 if (!check_multipart(&ctx, MBEDTLS_CCM_STAR_DECRYPT,
486 &iv_data, add, &encrypted,
487 expected_result,
488 &tag_expected,
489 n1, n1_add)) {
Mateusz Starzyk29ec75b2021-07-13 12:26:17 +0200[diff] [blame]490 goto exit;
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]491 }
492 }
Mateusz Starzyk29ec75b2021-07-13 12:26:17 +0200[diff] [blame]493 }
494 }
495
Darryl Green0daf4ca2018-05-29 14:12:26 +0100[diff] [blame]496exit:
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]497 mbedtls_ccm_free(&ctx);
498 mbedtls_free(io_msg_buf);
Valerio Setti10e9aa22023-12-12 11:54:20 +0100[diff] [blame]499 BLOCK_CIPHER_PSA_DONE();
Darryl Green0daf4ca2018-05-29 14:12:26 +0100[diff] [blame]500}
501/* END_CASE */
Mateusz Starzyk87889062021-07-29 14:08:18 +0200[diff] [blame]502
Mateusz Starzyk8fb17542021-08-10 13:45:19 +0200[diff] [blame]503/* Skip auth data, provide full text */
Mateusz Starzyk87889062021-07-29 14:08:18 +0200[diff] [blame]504/* BEGIN_CASE */
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]505void mbedtls_ccm_skip_ad(int cipher_id, int mode,
506 data_t *key, data_t *msg, data_t *iv,
507 data_t *result, data_t *tag)
Mateusz Starzyk87889062021-07-29 14:08:18 +0200[diff] [blame]508{
509 mbedtls_ccm_context ctx;
Gilles Peskineefe30762024-10-07 11:11:32 +0200[diff] [blame]510 mbedtls_ccm_init(&ctx);
Mateusz Starzyk87889062021-07-29 14:08:18 +0200[diff] [blame]511 uint8_t *output = NULL;
512 size_t olen;
513
514 /* Sanity checks on the test data */
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]515 TEST_EQUAL(msg->len, result->len);
Mateusz Starzyk87889062021-07-29 14:08:18 +0200[diff] [blame]516
Valerio Setti10e9aa22023-12-12 11:54:20 +0100[diff] [blame]517 BLOCK_CIPHER_PSA_INIT();
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]518 TEST_EQUAL(mbedtls_ccm_setkey(&ctx, cipher_id, key->x, key->len * 8), 0);
519 TEST_EQUAL(0, mbedtls_ccm_starts(&ctx, mode, iv->x, iv->len));
520 TEST_EQUAL(0, mbedtls_ccm_set_lengths(&ctx, 0, msg->len, tag->len));
Mateusz Starzyk87889062021-07-29 14:08:18 +0200[diff] [blame]521
Tom Cosgrove05b2a872023-07-21 11:31:13 +0100[diff] [blame]522 TEST_CALLOC(output, result->len);
Mateusz Starzyk87889062021-07-29 14:08:18 +0200[diff] [blame]523 olen = 0xdeadbeef;
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]524 TEST_EQUAL(0, mbedtls_ccm_update(&ctx, msg->x, msg->len, output, result->len, &olen));
525 TEST_EQUAL(result->len, olen);
Tom Cosgrovee4e9e7d2023-07-21 11:40:20 +0100[diff] [blame]526 TEST_MEMORY_COMPARE(output, olen, result->x, result->len);
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]527 mbedtls_free(output);
Mateusz Starzyk87889062021-07-29 14:08:18 +0200[diff] [blame]528 output = NULL;
529
Tom Cosgrove05b2a872023-07-21 11:31:13 +0100[diff] [blame]530 TEST_CALLOC(output, tag->len);
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]531 TEST_EQUAL(0, mbedtls_ccm_finish(&ctx, output, tag->len));
Tom Cosgrovee4e9e7d2023-07-21 11:40:20 +0100[diff] [blame]532 TEST_MEMORY_COMPARE(output, tag->len, tag->x, tag->len);
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]533 mbedtls_free(output);
Mateusz Starzyk87889062021-07-29 14:08:18 +0200[diff] [blame]534 output = NULL;
535
536exit:
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]537 mbedtls_free(output);
538 mbedtls_ccm_free(&ctx);
Valerio Setti10e9aa22023-12-12 11:54:20 +0100[diff] [blame]539 BLOCK_CIPHER_PSA_DONE();
Mateusz Starzyk87889062021-07-29 14:08:18 +0200[diff] [blame]540}
541/* END_CASE */
542
Mateusz Starzyk8fb17542021-08-10 13:45:19 +0200[diff] [blame]543/* Provide auth data, skip full text */
Mateusz Starzyk87889062021-07-29 14:08:18 +0200[diff] [blame]544/* BEGIN_CASE */
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]545void mbedtls_ccm_skip_update(int cipher_id, int mode,
546 data_t *key, data_t *iv, data_t *add,
547 data_t *tag)
Mateusz Starzyk87889062021-07-29 14:08:18 +0200[diff] [blame]548{
549 mbedtls_ccm_context ctx;
Gilles Peskineefe30762024-10-07 11:11:32 +0200[diff] [blame]550 mbedtls_ccm_init(&ctx);
Mateusz Starzyk87889062021-07-29 14:08:18 +0200[diff] [blame]551 uint8_t *output = NULL;
552
Valerio Setti10e9aa22023-12-12 11:54:20 +0100[diff] [blame]553 BLOCK_CIPHER_PSA_INIT();
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]554 TEST_EQUAL(mbedtls_ccm_setkey(&ctx, cipher_id, key->x, key->len * 8), 0);
555 TEST_EQUAL(0, mbedtls_ccm_starts(&ctx, mode, iv->x, iv->len));
556 TEST_EQUAL(0, mbedtls_ccm_set_lengths(&ctx, add->len, 0, tag->len));
Mateusz Starzyk87889062021-07-29 14:08:18 +0200[diff] [blame]557
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]558 TEST_EQUAL(0, mbedtls_ccm_update_ad(&ctx, add->x, add->len));
Mateusz Starzyk87889062021-07-29 14:08:18 +0200[diff] [blame]559
Tom Cosgrove05b2a872023-07-21 11:31:13 +0100[diff] [blame]560 TEST_CALLOC(output, tag->len);
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]561 TEST_EQUAL(0, mbedtls_ccm_finish(&ctx, output, tag->len));
Tom Cosgrovee4e9e7d2023-07-21 11:40:20 +0100[diff] [blame]562 TEST_MEMORY_COMPARE(output, tag->len, tag->x, tag->len);
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]563 mbedtls_free(output);
Mateusz Starzyk87889062021-07-29 14:08:18 +0200[diff] [blame]564 output = NULL;
565
566exit:
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]567 mbedtls_free(output);
568 mbedtls_ccm_free(&ctx);
Valerio Setti10e9aa22023-12-12 11:54:20 +0100[diff] [blame]569 BLOCK_CIPHER_PSA_DONE();
Mateusz Starzyk87889062021-07-29 14:08:18 +0200[diff] [blame]570}
571/* END_CASE */
572
Mateusz Starzyk8fb17542021-08-10 13:45:19 +0200[diff] [blame]573/* Provide too much auth data */
Mateusz Starzyk87889062021-07-29 14:08:18 +0200[diff] [blame]574/* BEGIN_CASE */
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]575void mbedtls_ccm_overflow_ad(int cipher_id, int mode,
576 data_t *key, data_t *iv,
577 data_t *add)
Mateusz Starzyk87889062021-07-29 14:08:18 +0200[diff] [blame]578{
579 mbedtls_ccm_context ctx;
Gilles Peskineefe30762024-10-07 11:11:32 +0200[diff] [blame]580 mbedtls_ccm_init(&ctx);
Mateusz Starzyk87889062021-07-29 14:08:18 +0200[diff] [blame]581
Gilles Peskine42919e02024-10-07 11:12:17 +0200[diff] [blame]582 /* This test can't be run with empty additional data */
583 TEST_LE_U(1, add->len);
584
Valerio Setti10e9aa22023-12-12 11:54:20 +0100[diff] [blame]585 BLOCK_CIPHER_PSA_INIT();
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]586 TEST_EQUAL(mbedtls_ccm_setkey(&ctx, cipher_id, key->x, key->len * 8), 0);
587 TEST_EQUAL(0, mbedtls_ccm_starts(&ctx, mode, iv->x, iv->len));
Mateusz Starzyk87889062021-07-29 14:08:18 +0200[diff] [blame]588 // use hardcoded values for msg length and tag length. They are not a part of this test
Mateusz Starzyk3050f052021-09-02 12:38:51 +0200[diff] [blame]589 // subtract 1 from configured auth data length to provoke an overflow
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]590 TEST_EQUAL(0, mbedtls_ccm_set_lengths(&ctx, add->len - 1, 16, 16));
Mateusz Starzyk87889062021-07-29 14:08:18 +0200[diff] [blame]591
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]592 TEST_EQUAL(MBEDTLS_ERR_CCM_BAD_INPUT, mbedtls_ccm_update_ad(&ctx, add->x, add->len));
Mateusz Starzyk87889062021-07-29 14:08:18 +0200[diff] [blame]593exit:
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]594 mbedtls_ccm_free(&ctx);
Valerio Setti10e9aa22023-12-12 11:54:20 +0100[diff] [blame]595 BLOCK_CIPHER_PSA_DONE();
Mateusz Starzyk87889062021-07-29 14:08:18 +0200[diff] [blame]596}
597/* END_CASE */
598
Mateusz Starzyk83e4c122021-09-03 14:07:21 +0200[diff] [blame]599/* Provide unexpected auth data */
600/* BEGIN_CASE */
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]601void mbedtls_ccm_unexpected_ad(int cipher_id, int mode,
602 data_t *key, data_t *iv,
603 data_t *add)
Mateusz Starzyk83e4c122021-09-03 14:07:21 +0200[diff] [blame]604{
605 mbedtls_ccm_context ctx;
Gilles Peskineefe30762024-10-07 11:11:32 +0200[diff] [blame]606 mbedtls_ccm_init(&ctx);
Mateusz Starzyk83e4c122021-09-03 14:07:21 +0200[diff] [blame]607
Valerio Setti10e9aa22023-12-12 11:54:20 +0100[diff] [blame]608 BLOCK_CIPHER_PSA_INIT();
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]609 TEST_EQUAL(mbedtls_ccm_setkey(&ctx, cipher_id, key->x, key->len * 8), 0);
610 TEST_EQUAL(0, mbedtls_ccm_starts(&ctx, mode, iv->x, iv->len));
Mateusz Starzyk83e4c122021-09-03 14:07:21 +0200[diff] [blame]611 // use hardcoded values for msg length and tag length. They are not a part of this test
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]612 TEST_EQUAL(0, mbedtls_ccm_set_lengths(&ctx, 0, 16, 16));
Mateusz Starzyk83e4c122021-09-03 14:07:21 +0200[diff] [blame]613
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]614 TEST_EQUAL(MBEDTLS_ERR_CCM_BAD_INPUT, mbedtls_ccm_update_ad(&ctx, add->x, add->len));
Mateusz Starzyk83e4c122021-09-03 14:07:21 +0200[diff] [blame]615exit:
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]616 mbedtls_ccm_free(&ctx);
Valerio Setti10e9aa22023-12-12 11:54:20 +0100[diff] [blame]617 BLOCK_CIPHER_PSA_DONE();
Mateusz Starzyk83e4c122021-09-03 14:07:21 +0200[diff] [blame]618}
619/* END_CASE */
620
621/* Provide unexpected plaintext/ciphertext data */
622/* BEGIN_CASE */
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]623void mbedtls_ccm_unexpected_text(int cipher_id, int mode,
624 data_t *key, data_t *msg, data_t *iv,
625 data_t *add)
Mateusz Starzyk83e4c122021-09-03 14:07:21 +0200[diff] [blame]626{
627 mbedtls_ccm_context ctx;
Gilles Peskineefe30762024-10-07 11:11:32 +0200[diff] [blame]628 mbedtls_ccm_init(&ctx);
Mateusz Starzyk83e4c122021-09-03 14:07:21 +0200[diff] [blame]629 uint8_t *output = NULL;
630 size_t olen;
631
Valerio Setti10e9aa22023-12-12 11:54:20 +0100[diff] [blame]632 BLOCK_CIPHER_PSA_INIT();
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]633 TEST_EQUAL(mbedtls_ccm_setkey(&ctx, cipher_id, key->x, key->len * 8), 0);
634 TEST_EQUAL(0, mbedtls_ccm_starts(&ctx, mode, iv->x, iv->len));
Mateusz Starzyk83e4c122021-09-03 14:07:21 +0200[diff] [blame]635 // use hardcoded value for tag length. It is not a part of this test
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]636 TEST_EQUAL(0, mbedtls_ccm_set_lengths(&ctx, add->len, 0, 16));
Mateusz Starzyk83e4c122021-09-03 14:07:21 +0200[diff] [blame]637
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]638 TEST_EQUAL(0, mbedtls_ccm_update_ad(&ctx, add->x, add->len));
Mateusz Starzyk83e4c122021-09-03 14:07:21 +0200[diff] [blame]639
Tom Cosgrove05b2a872023-07-21 11:31:13 +0100[diff] [blame]640 TEST_CALLOC(output, msg->len);
Mateusz Starzyk83e4c122021-09-03 14:07:21 +0200[diff] [blame]641 olen = 0xdeadbeef;
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]642 TEST_EQUAL(MBEDTLS_ERR_CCM_BAD_INPUT,
643 mbedtls_ccm_update(&ctx, msg->x, msg->len, output, msg->len, &olen));
Mateusz Starzyk83e4c122021-09-03 14:07:21 +0200[diff] [blame]644exit:
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]645 mbedtls_free(output);
646 mbedtls_ccm_free(&ctx);
Valerio Setti10e9aa22023-12-12 11:54:20 +0100[diff] [blame]647 BLOCK_CIPHER_PSA_DONE();
Mateusz Starzyk83e4c122021-09-03 14:07:21 +0200[diff] [blame]648}
649/* END_CASE */
650
Mateusz Starzyk8fb17542021-08-10 13:45:19 +0200[diff] [blame]651/* Provide incomplete auth data and finish */
Mateusz Starzyk87889062021-07-29 14:08:18 +0200[diff] [blame]652/* BEGIN_CASE */
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]653void mbedtls_ccm_incomplete_ad(int cipher_id, int mode,
654 data_t *key, data_t *iv, data_t *add)
Mateusz Starzykf442de62021-08-10 13:36:43 +0200[diff] [blame]655{
656 mbedtls_ccm_context ctx;
Gilles Peskineefe30762024-10-07 11:11:32 +0200[diff] [blame]657 mbedtls_ccm_init(&ctx);
Mateusz Starzykf442de62021-08-10 13:36:43 +0200[diff] [blame]658 uint8_t *output = NULL;
659
Gilles Peskine42919e02024-10-07 11:12:17 +0200[diff] [blame]660 /* This test can't be run with empty additional data */
661 TEST_LE_U(1, add->len);
662
Valerio Setti10e9aa22023-12-12 11:54:20 +0100[diff] [blame]663 BLOCK_CIPHER_PSA_INIT();
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]664 TEST_EQUAL(mbedtls_ccm_setkey(&ctx, cipher_id, key->x, key->len * 8), 0);
665 TEST_EQUAL(0, mbedtls_ccm_starts(&ctx, mode, iv->x, iv->len));
Mateusz Starzykf442de62021-08-10 13:36:43 +0200[diff] [blame]666 // use hardcoded values for msg length and tag length. They are not a part of this test
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]667 TEST_EQUAL(0, mbedtls_ccm_set_lengths(&ctx, add->len, 0, 16));
Mateusz Starzykf442de62021-08-10 13:36:43 +0200[diff] [blame]668
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]669 TEST_EQUAL(0, mbedtls_ccm_update_ad(&ctx, add->x, add->len - 1));
Mateusz Starzykf442de62021-08-10 13:36:43 +0200[diff] [blame]670
Tom Cosgrove05b2a872023-07-21 11:31:13 +0100[diff] [blame]671 TEST_CALLOC(output, 16);
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]672 TEST_EQUAL(MBEDTLS_ERR_CCM_BAD_INPUT, mbedtls_ccm_finish(&ctx, output, 16));
Mateusz Starzykf442de62021-08-10 13:36:43 +0200[diff] [blame]673
674exit:
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]675 mbedtls_free(output);
676 mbedtls_ccm_free(&ctx);
Valerio Setti10e9aa22023-12-12 11:54:20 +0100[diff] [blame]677 BLOCK_CIPHER_PSA_DONE();
Mateusz Starzykf442de62021-08-10 13:36:43 +0200[diff] [blame]678}
679/* END_CASE */
680
Mateusz Starzyk8fb17542021-08-10 13:45:19 +0200[diff] [blame]681/* Provide complete auth data on first update_ad.
682 * Provide unexpected auth data on second update_ad */
Mateusz Starzykf442de62021-08-10 13:36:43 +0200[diff] [blame]683/* BEGIN_CASE */
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]684void mbedtls_ccm_full_ad_and_overflow(int cipher_id, int mode,
685 data_t *key, data_t *iv,
686 data_t *add)
Mateusz Starzykf442de62021-08-10 13:36:43 +0200[diff] [blame]687{
688 mbedtls_ccm_context ctx;
Gilles Peskineefe30762024-10-07 11:11:32 +0200[diff] [blame]689 mbedtls_ccm_init(&ctx);
Mateusz Starzykf442de62021-08-10 13:36:43 +0200[diff] [blame]690
Valerio Setti10e9aa22023-12-12 11:54:20 +0100[diff] [blame]691 BLOCK_CIPHER_PSA_INIT();
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]692 TEST_EQUAL(mbedtls_ccm_setkey(&ctx, cipher_id, key->x, key->len * 8), 0);
693 TEST_EQUAL(0, mbedtls_ccm_starts(&ctx, mode, iv->x, iv->len));
Mateusz Starzykf442de62021-08-10 13:36:43 +0200[diff] [blame]694 // use hardcoded values for msg length and tag length. They are not a part of this test
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]695 TEST_EQUAL(0, mbedtls_ccm_set_lengths(&ctx, add->len, 16, 16));
Mateusz Starzykf442de62021-08-10 13:36:43 +0200[diff] [blame]696
697 // pass full auth data
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]698 TEST_EQUAL(0, mbedtls_ccm_update_ad(&ctx, add->x, add->len));
Mateusz Starzykf442de62021-08-10 13:36:43 +0200[diff] [blame]699 // pass 1 extra byte
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]700 TEST_EQUAL(MBEDTLS_ERR_CCM_BAD_INPUT, mbedtls_ccm_update_ad(&ctx, add->x, 1));
Mateusz Starzykf442de62021-08-10 13:36:43 +0200[diff] [blame]701exit:
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]702 mbedtls_ccm_free(&ctx);
Valerio Setti10e9aa22023-12-12 11:54:20 +0100[diff] [blame]703 BLOCK_CIPHER_PSA_DONE();
Mateusz Starzykf442de62021-08-10 13:36:43 +0200[diff] [blame]704}
705/* END_CASE */
706
Mateusz Starzykcd975e42021-09-02 13:25:19 +0200[diff] [blame]707/* Provide incomplete auth data on first update_ad.
708 * Provide too much auth data on second update_ad */
709/* BEGIN_CASE */
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]710void mbedtls_ccm_incomplete_ad_and_overflow(int cipher_id, int mode,
711 data_t *key, data_t *iv,
712 data_t *add)
Mateusz Starzykcd975e42021-09-02 13:25:19 +0200[diff] [blame]713{
714 mbedtls_ccm_context ctx;
Gilles Peskineefe30762024-10-07 11:11:32 +0200[diff] [blame]715 mbedtls_ccm_init(&ctx);
Ronald Cron133740b2021-09-17 09:38:07 +0200[diff] [blame]716 uint8_t add_second_buffer[2];
Mateusz Starzykcd975e42021-09-02 13:25:19 +0200[diff] [blame]717
Gilles Peskine42919e02024-10-07 11:12:17 +0200[diff] [blame]718 /* This test can't be run with empty additional data */
719 TEST_LE_U(1, add->len);
720
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]721 add_second_buffer[0] = add->x[add->len - 1];
Ronald Cron133740b2021-09-17 09:38:07 +0200[diff] [blame]722 add_second_buffer[1] = 0xAB; // some magic value
Mateusz Starzykcd975e42021-09-02 13:25:19 +0200[diff] [blame]723
Valerio Setti10e9aa22023-12-12 11:54:20 +0100[diff] [blame]724 BLOCK_CIPHER_PSA_INIT();
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]725 TEST_EQUAL(mbedtls_ccm_setkey(&ctx, cipher_id, key->x, key->len * 8), 0);
726 TEST_EQUAL(0, mbedtls_ccm_starts(&ctx, mode, iv->x, iv->len));
Mateusz Starzykcd975e42021-09-02 13:25:19 +0200[diff] [blame]727 // use hardcoded values for msg length and tag length. They are not a part of this test
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]728 TEST_EQUAL(0, mbedtls_ccm_set_lengths(&ctx, add->len, 16, 16));
Mateusz Starzykcd975e42021-09-02 13:25:19 +0200[diff] [blame]729
730 // pass incomplete auth data
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]731 TEST_EQUAL(0, mbedtls_ccm_update_ad(&ctx, add->x, add->len - 1));
Mateusz Starzykcd975e42021-09-02 13:25:19 +0200[diff] [blame]732 // pass 2 extra bytes (1 missing byte from previous incomplete pass, and 1 unexpected byte)
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]733 TEST_EQUAL(MBEDTLS_ERR_CCM_BAD_INPUT, mbedtls_ccm_update_ad(&ctx, add_second_buffer, 2));
Mateusz Starzykcd975e42021-09-02 13:25:19 +0200[diff] [blame]734exit:
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]735 mbedtls_ccm_free(&ctx);
Valerio Setti10e9aa22023-12-12 11:54:20 +0100[diff] [blame]736 BLOCK_CIPHER_PSA_DONE();
Mateusz Starzykcd975e42021-09-02 13:25:19 +0200[diff] [blame]737}
738/* END_CASE */
739
Mateusz Starzyk8fb17542021-08-10 13:45:19 +0200[diff] [blame]740/* Provide too much plaintext/ciphertext */
Mateusz Starzykf442de62021-08-10 13:36:43 +0200[diff] [blame]741/* BEGIN_CASE */
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]742void mbedtls_ccm_overflow_update(int cipher_id, int mode,
743 data_t *key, data_t *msg, data_t *iv,
744 data_t *add)
Mateusz Starzyk87889062021-07-29 14:08:18 +0200[diff] [blame]745{
746 mbedtls_ccm_context ctx;
Gilles Peskineefe30762024-10-07 11:11:32 +0200[diff] [blame]747 mbedtls_ccm_init(&ctx);
Mateusz Starzyk87889062021-07-29 14:08:18 +0200[diff] [blame]748 uint8_t *output = NULL;
749 size_t olen;
750
Gilles Peskine42919e02024-10-07 11:12:17 +0200[diff] [blame]751 /* This test can't be run with an empty message */
752 TEST_LE_U(1, msg->len);
753
Valerio Setti10e9aa22023-12-12 11:54:20 +0100[diff] [blame]754 BLOCK_CIPHER_PSA_INIT();
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]755 TEST_EQUAL(mbedtls_ccm_setkey(&ctx, cipher_id, key->x, key->len * 8), 0);
756 TEST_EQUAL(0, mbedtls_ccm_starts(&ctx, mode, iv->x, iv->len));
Mateusz Starzyk87889062021-07-29 14:08:18 +0200[diff] [blame]757 // use hardcoded value for tag length. It is a not a part of this test
Mateusz Starzyk3050f052021-09-02 12:38:51 +0200[diff] [blame]758 // subtract 1 from configured msg length to provoke an overflow
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]759 TEST_EQUAL(0, mbedtls_ccm_set_lengths(&ctx, add->len, msg->len - 1, 16));
Mateusz Starzyk87889062021-07-29 14:08:18 +0200[diff] [blame]760
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]761 TEST_EQUAL(0, mbedtls_ccm_update_ad(&ctx, add->x, add->len));
Mateusz Starzyk87889062021-07-29 14:08:18 +0200[diff] [blame]762
Tom Cosgrove05b2a872023-07-21 11:31:13 +0100[diff] [blame]763 TEST_CALLOC(output, msg->len);
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]764 TEST_EQUAL(MBEDTLS_ERR_CCM_BAD_INPUT, \
765 mbedtls_ccm_update(&ctx, msg->x, msg->len, output, msg->len, &olen));
Mateusz Starzyk87889062021-07-29 14:08:18 +0200[diff] [blame]766exit:
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]767 mbedtls_free(output);
768 mbedtls_ccm_free(&ctx);
Valerio Setti10e9aa22023-12-12 11:54:20 +0100[diff] [blame]769 BLOCK_CIPHER_PSA_DONE();
Mateusz Starzyk87889062021-07-29 14:08:18 +0200[diff] [blame]770}
771/* END_CASE */
Mateusz Starzykf442de62021-08-10 13:36:43 +0200[diff] [blame]772
Mateusz Starzyk8fb17542021-08-10 13:45:19 +0200[diff] [blame]773/* Provide incomplete plaintext/ciphertext and finish */
Mateusz Starzykf442de62021-08-10 13:36:43 +0200[diff] [blame]774/* BEGIN_CASE */
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]775void mbedtls_ccm_incomplete_update(int cipher_id, int mode,
776 data_t *key, data_t *msg, data_t *iv,
777 data_t *add)
Mateusz Starzykf442de62021-08-10 13:36:43 +0200[diff] [blame]778{
779 mbedtls_ccm_context ctx;
Gilles Peskineefe30762024-10-07 11:11:32 +0200[diff] [blame]780 mbedtls_ccm_init(&ctx);
Mateusz Starzykf442de62021-08-10 13:36:43 +0200[diff] [blame]781 uint8_t *output = NULL;
782 size_t olen;
783
Gilles Peskine42919e02024-10-07 11:12:17 +0200[diff] [blame]784 /* This test can't be run with an empty message */
785 TEST_LE_U(1, msg->len);
786
Valerio Setti10e9aa22023-12-12 11:54:20 +0100[diff] [blame]787 BLOCK_CIPHER_PSA_INIT();
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]788 TEST_EQUAL(mbedtls_ccm_setkey(&ctx, cipher_id, key->x, key->len * 8), 0);
789 TEST_EQUAL(0, mbedtls_ccm_starts(&ctx, mode, iv->x, iv->len));
Mateusz Starzykf442de62021-08-10 13:36:43 +0200[diff] [blame]790 // use hardcoded value for tag length. It is not a part of this test
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]791 TEST_EQUAL(0, mbedtls_ccm_set_lengths(&ctx, add->len, msg->len, 16));
Mateusz Starzykf442de62021-08-10 13:36:43 +0200[diff] [blame]792
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]793 TEST_EQUAL(0, mbedtls_ccm_update_ad(&ctx, add->x, add->len));
Mateusz Starzykf442de62021-08-10 13:36:43 +0200[diff] [blame]794
Tom Cosgrove05b2a872023-07-21 11:31:13 +0100[diff] [blame]795 TEST_CALLOC(output, msg->len);
Mateusz Starzykf442de62021-08-10 13:36:43 +0200[diff] [blame]796 olen = 0xdeadbeef;
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]797 TEST_EQUAL(0, mbedtls_ccm_update(&ctx, msg->x, msg->len - 1, output, msg->len, &olen));
798 mbedtls_free(output);
Mateusz Starzykf442de62021-08-10 13:36:43 +0200[diff] [blame]799 output = NULL;
800
Tom Cosgrove05b2a872023-07-21 11:31:13 +0100[diff] [blame]801 TEST_CALLOC(output, 16);
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]802 TEST_EQUAL(MBEDTLS_ERR_CCM_BAD_INPUT, mbedtls_ccm_finish(&ctx, output, 16));
Mateusz Starzykf442de62021-08-10 13:36:43 +0200[diff] [blame]803
804exit:
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]805 mbedtls_free(output);
806 mbedtls_ccm_free(&ctx);
Valerio Setti10e9aa22023-12-12 11:54:20 +0100[diff] [blame]807 BLOCK_CIPHER_PSA_DONE();
Mateusz Starzykf442de62021-08-10 13:36:43 +0200[diff] [blame]808}
809/* END_CASE */
810
Mateusz Starzyk8fb17542021-08-10 13:45:19 +0200[diff] [blame]811/* Provide full plaintext/ciphertext of first update
812 * Provide unexpected plaintext/ciphertext on second update */
Mateusz Starzykf442de62021-08-10 13:36:43 +0200[diff] [blame]813/* BEGIN_CASE */
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]814void mbedtls_ccm_full_update_and_overflow(int cipher_id, int mode,
815 data_t *key, data_t *msg, data_t *iv,
816 data_t *add)
Mateusz Starzykf442de62021-08-10 13:36:43 +0200[diff] [blame]817{
818 mbedtls_ccm_context ctx;
Gilles Peskineefe30762024-10-07 11:11:32 +0200[diff] [blame]819 mbedtls_ccm_init(&ctx);
Mateusz Starzykf442de62021-08-10 13:36:43 +0200[diff] [blame]820 uint8_t *output = NULL;
821 size_t olen;
822
Valerio Setti10e9aa22023-12-12 11:54:20 +0100[diff] [blame]823 BLOCK_CIPHER_PSA_INIT();
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]824 TEST_EQUAL(mbedtls_ccm_setkey(&ctx, cipher_id, key->x, key->len * 8), 0);
825 TEST_EQUAL(0, mbedtls_ccm_starts(&ctx, mode, iv->x, iv->len));
Mateusz Starzykf442de62021-08-10 13:36:43 +0200[diff] [blame]826 // use hardcoded value for tag length. It is a not a part of this test
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]827 TEST_EQUAL(0, mbedtls_ccm_set_lengths(&ctx, add->len, msg->len, 16));
Mateusz Starzykf442de62021-08-10 13:36:43 +0200[diff] [blame]828
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]829 TEST_EQUAL(0, mbedtls_ccm_update_ad(&ctx, add->x, add->len));
Mateusz Starzykf442de62021-08-10 13:36:43 +0200[diff] [blame]830
Tom Cosgrove05b2a872023-07-21 11:31:13 +0100[diff] [blame]831 TEST_CALLOC(output, msg->len);
Mateusz Starzykf442de62021-08-10 13:36:43 +0200[diff] [blame]832 // pass full text
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]833 TEST_EQUAL(0, mbedtls_ccm_update(&ctx, msg->x, msg->len, output, msg->len, &olen));
Mateusz Starzykf442de62021-08-10 13:36:43 +0200[diff] [blame]834 // pass 1 extra byte
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]835 TEST_EQUAL(MBEDTLS_ERR_CCM_BAD_INPUT, \
836 mbedtls_ccm_update(&ctx, msg->x, 1, output, 1, &olen));
Mateusz Starzykf442de62021-08-10 13:36:43 +0200[diff] [blame]837exit:
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]838 mbedtls_free(output);
839 mbedtls_ccm_free(&ctx);
Valerio Setti10e9aa22023-12-12 11:54:20 +0100[diff] [blame]840 BLOCK_CIPHER_PSA_DONE();
Mateusz Starzykf442de62021-08-10 13:36:43 +0200[diff] [blame]841}
842/* END_CASE */
Mateusz Starzyke0f52272021-08-10 13:55:47 +0200[diff] [blame]843
Mateusz Starzykcd975e42021-09-02 13:25:19 +0200[diff] [blame]844/* Provide incomplete plaintext/ciphertext of first update
845 * Provide too much plaintext/ciphertext on second update */
846/* BEGIN_CASE */
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]847void mbedtls_ccm_incomplete_update_overflow(int cipher_id, int mode,
848 data_t *key, data_t *msg, data_t *iv,
849 data_t *add)
Mateusz Starzykcd975e42021-09-02 13:25:19 +0200[diff] [blame]850{
851 mbedtls_ccm_context ctx;
Gilles Peskineefe30762024-10-07 11:11:32 +0200[diff] [blame]852 mbedtls_ccm_init(&ctx);
Mateusz Starzykcd975e42021-09-02 13:25:19 +0200[diff] [blame]853 uint8_t *output = NULL;
854 size_t olen;
Ronald Cron133740b2021-09-17 09:38:07 +0200[diff] [blame]855 uint8_t msg_second_buffer[2];
Mateusz Starzykcd975e42021-09-02 13:25:19 +0200[diff] [blame]856
Gilles Peskine42919e02024-10-07 11:12:17 +0200[diff] [blame]857 /* This test can't be run with an empty message */
858 TEST_LE_U(1, msg->len);
859
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]860 msg_second_buffer[0] = msg->x[msg->len - 1];
Ronald Cron133740b2021-09-17 09:38:07 +0200[diff] [blame]861 msg_second_buffer[1] = 0xAB; // some magic value
Mateusz Starzykcd975e42021-09-02 13:25:19 +0200[diff] [blame]862
Valerio Setti10e9aa22023-12-12 11:54:20 +0100[diff] [blame]863 BLOCK_CIPHER_PSA_INIT();
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]864 TEST_EQUAL(mbedtls_ccm_setkey(&ctx, cipher_id, key->x, key->len * 8), 0);
865 TEST_EQUAL(0, mbedtls_ccm_starts(&ctx, mode, iv->x, iv->len));
Mateusz Starzykcd975e42021-09-02 13:25:19 +0200[diff] [blame]866 // use hardcoded value for tag length. It is a not a part of this test
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]867 TEST_EQUAL(0, mbedtls_ccm_set_lengths(&ctx, add->len, msg->len, 16));
Mateusz Starzykcd975e42021-09-02 13:25:19 +0200[diff] [blame]868
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]869 TEST_EQUAL(0, mbedtls_ccm_update_ad(&ctx, add->x, add->len));
Mateusz Starzykcd975e42021-09-02 13:25:19 +0200[diff] [blame]870
Tom Cosgrove05b2a872023-07-21 11:31:13 +0100[diff] [blame]871 TEST_CALLOC(output, msg->len + 1);
Mateusz Starzykcd975e42021-09-02 13:25:19 +0200[diff] [blame]872 // pass incomplete text
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]873 TEST_EQUAL(0, mbedtls_ccm_update(&ctx, msg->x, msg->len - 1, output, msg->len + 1, &olen));
Mateusz Starzykcd975e42021-09-02 13:25:19 +0200[diff] [blame]874 // pass 2 extra bytes (1 missing byte from previous incomplete pass, and 1 unexpected byte)
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]875 TEST_EQUAL(MBEDTLS_ERR_CCM_BAD_INPUT, \
876 mbedtls_ccm_update(&ctx, msg_second_buffer, 2, output + msg->len - 1, 2, &olen));
Mateusz Starzykcd975e42021-09-02 13:25:19 +0200[diff] [blame]877exit:
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]878 mbedtls_free(output);
879 mbedtls_ccm_free(&ctx);
Valerio Setti10e9aa22023-12-12 11:54:20 +0100[diff] [blame]880 BLOCK_CIPHER_PSA_DONE();
Mateusz Starzykcd975e42021-09-02 13:25:19 +0200[diff] [blame]881}
882/* END_CASE */
883
Mateusz Starzyke0f52272021-08-10 13:55:47 +0200[diff] [blame]884/* Finish without passing any auth data or plaintext/ciphertext input */
885/* BEGIN_CASE */
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]886void mbedtls_ccm_instant_finish(int cipher_id, int mode,
887 data_t *key, data_t *iv)
Mateusz Starzyke0f52272021-08-10 13:55:47 +0200[diff] [blame]888{
889 mbedtls_ccm_context ctx;
Gilles Peskineefe30762024-10-07 11:11:32 +0200[diff] [blame]890 mbedtls_ccm_init(&ctx);
Mateusz Starzyke0f52272021-08-10 13:55:47 +0200[diff] [blame]891 uint8_t *output = NULL;
892
Valerio Setti10e9aa22023-12-12 11:54:20 +0100[diff] [blame]893 BLOCK_CIPHER_PSA_INIT();
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]894 TEST_EQUAL(mbedtls_ccm_setkey(&ctx, cipher_id, key->x, key->len * 8), 0);
895 TEST_EQUAL(0, mbedtls_ccm_starts(&ctx, mode, iv->x, iv->len));
Mateusz Starzyke0f52272021-08-10 13:55:47 +0200[diff] [blame]896 // use hardcoded values for add length, msg length and tag length.
897 // They are not a part of this test
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]898 TEST_EQUAL(0, mbedtls_ccm_set_lengths(&ctx, 16, 16, 16));
Mateusz Starzyke0f52272021-08-10 13:55:47 +0200[diff] [blame]899
Tom Cosgrove05b2a872023-07-21 11:31:13 +0100[diff] [blame]900 TEST_CALLOC(output, 16);
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]901 TEST_EQUAL(MBEDTLS_ERR_CCM_BAD_INPUT, mbedtls_ccm_finish(&ctx, output, 16));
Mateusz Starzyke0f52272021-08-10 13:55:47 +0200[diff] [blame]902
903exit:
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]904 mbedtls_free(output);
905 mbedtls_ccm_free(&ctx);
Valerio Setti10e9aa22023-12-12 11:54:20 +0100[diff] [blame]906 BLOCK_CIPHER_PSA_DONE();
Mateusz Starzyke0f52272021-08-10 13:55:47 +0200[diff] [blame]907}
908/* END_CASE */