TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-tls.git / efe30760e5dad5c73f976cfefda5a11c5ab86a9a / . / tests / suites / test_suite_ccm.function
blob: 8c39d27a114557bbac40e097049b15fae6f2ce7c [file] [log] [blame]
Manuel Pégourié-Gonnarda6916fa2014-05-02 15:17:29 +0200[diff] [blame]1/* BEGIN_HEADER */
Manuel Pégourié-Gonnard7f809972015-03-09 17:05:11 +0000[diff] [blame]2#include "mbedtls/ccm.h"
Mateusz Starzyk25a3dfe2021-07-12 14:53:45 +0200[diff] [blame]3
4/* Use the multipart interface to process the encrypted data in two parts
5 * and check that the output matches the expected output.
6 * The context must have been set up with the key. */
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]7static int check_multipart(mbedtls_ccm_context *ctx,
8 int mode,
9 const data_t *iv,
10 const data_t *add,
11 const data_t *input,
12 const data_t *expected_output,
13 const data_t *tag,
14 size_t n1,
15 size_t n1_add)
Mateusz Starzyk25a3dfe2021-07-12 14:53:45 +0200[diff] [blame]16{
17 int ok = 0;
18 uint8_t *output = NULL;
19 size_t n2 = input->len - n1;
20 size_t n2_add = add->len - n1_add;
21 size_t olen;
22
23 /* Sanity checks on the test data */
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]24 TEST_ASSERT(n1 <= input->len);
25 TEST_ASSERT(n1_add <= add->len);
26 TEST_EQUAL(input->len, expected_output->len);
27 TEST_EQUAL(0, mbedtls_ccm_starts(ctx, mode, iv->x, iv->len));
28 TEST_EQUAL(0, mbedtls_ccm_set_lengths(ctx, add->len, input->len, tag->len));
29 TEST_EQUAL(0, mbedtls_ccm_update_ad(ctx, add->x, n1_add));
30 TEST_EQUAL(0, mbedtls_ccm_update_ad(ctx, add->x + n1_add, n2_add));
Mateusz Starzyk25a3dfe2021-07-12 14:53:45 +0200[diff] [blame]31
32 /* Allocate a tight buffer for each update call. This way, if the function
33 * tries to write beyond the advertised required buffer size, this will
34 * count as an overflow for memory sanitizers and static checkers. */
Tom Cosgrove05b2a872023-07-21 11:31:13 +0100[diff] [blame]35 TEST_CALLOC(output, n1);
Mateusz Starzyk25a3dfe2021-07-12 14:53:45 +0200[diff] [blame]36 olen = 0xdeadbeef;
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]37 TEST_EQUAL(0, mbedtls_ccm_update(ctx, input->x, n1, output, n1, &olen));
38 TEST_EQUAL(n1, olen);
Tom Cosgrovee4e9e7d2023-07-21 11:40:20 +0100[diff] [blame]39 TEST_MEMORY_COMPARE(output, olen, expected_output->x, n1);
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]40 mbedtls_free(output);
Mateusz Starzyk25a3dfe2021-07-12 14:53:45 +0200[diff] [blame]41 output = NULL;
42
Tom Cosgrove05b2a872023-07-21 11:31:13 +0100[diff] [blame]43 TEST_CALLOC(output, n2);
Mateusz Starzyk25a3dfe2021-07-12 14:53:45 +0200[diff] [blame]44 olen = 0xdeadbeef;
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]45 TEST_EQUAL(0, mbedtls_ccm_update(ctx, input->x + n1, n2, output, n2, &olen));
46 TEST_EQUAL(n2, olen);
Tom Cosgrovee4e9e7d2023-07-21 11:40:20 +0100[diff] [blame]47 TEST_MEMORY_COMPARE(output, olen, expected_output->x + n1, n2);
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]48 mbedtls_free(output);
Mateusz Starzyk25a3dfe2021-07-12 14:53:45 +0200[diff] [blame]49 output = NULL;
50
Tom Cosgrove05b2a872023-07-21 11:31:13 +0100[diff] [blame]51 TEST_CALLOC(output, tag->len);
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]52 TEST_EQUAL(0, mbedtls_ccm_finish(ctx, output, tag->len));
Tom Cosgrovee4e9e7d2023-07-21 11:40:20 +0100[diff] [blame]53 TEST_MEMORY_COMPARE(output, tag->len, tag->x, tag->len);
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]54 mbedtls_free(output);
Mateusz Starzyk25a3dfe2021-07-12 14:53:45 +0200[diff] [blame]55 output = NULL;
56
57 ok = 1;
58exit:
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]59 mbedtls_free(output);
60 return ok;
Mateusz Starzyk25a3dfe2021-07-12 14:53:45 +0200[diff] [blame]61}
Manuel Pégourié-Gonnarda6916fa2014-05-02 15:17:29 +0200[diff] [blame]62/* END_HEADER */
63
64/* BEGIN_DEPENDENCIES
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]65 * depends_on:MBEDTLS_CCM_C
Manuel Pégourié-Gonnarda6916fa2014-05-02 15:17:29 +0200[diff] [blame]66 * END_DEPENDENCIES
67 */
68
Valerio Setti689c0f72023-12-20 09:53:39 +0100[diff] [blame]69/* BEGIN_CASE depends_on:MBEDTLS_SELF_TEST:MBEDTLS_CCM_GCM_CAN_AES */
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]70void mbedtls_ccm_self_test()
Manuel Pégourié-Gonnarda6916fa2014-05-02 15:17:29 +0200[diff] [blame]71{
Valerio Setti10e9aa22023-12-12 11:54:20 +0100[diff] [blame]72 BLOCK_CIPHER_PSA_INIT();
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]73 TEST_ASSERT(mbedtls_ccm_self_test(1) == 0);
Valerio Setti10e9aa22023-12-12 11:54:20 +0100[diff] [blame]74 BLOCK_CIPHER_PSA_DONE();
Manuel Pégourié-Gonnarda6916fa2014-05-02 15:17:29 +0200[diff] [blame]75}
76/* END_CASE */
Manuel Pégourié-Gonnard9fe0d132014-05-06 12:12:45 +0200[diff] [blame]77
78/* BEGIN_CASE */
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]79void mbedtls_ccm_setkey(int cipher_id, int key_size, int result)
Manuel Pégourié-Gonnard9fe0d132014-05-06 12:12:45 +0200[diff] [blame]80{
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]81 mbedtls_ccm_context ctx;
Gilles Peskineefe30762024-10-07 11:11:32 +0200[diff] [blame^]82 mbedtls_ccm_init(&ctx);
Manuel Pégourié-Gonnard9fe0d132014-05-06 12:12:45 +0200[diff] [blame]83 unsigned char key[32];
84 int ret;
85
Valerio Setti45c84fe2023-12-20 09:54:39 +0100[diff] [blame]86 BLOCK_CIPHER_PSA_INIT();
Manuel Pégourié-Gonnard6963ff02015-04-28 18:02:54 +0200[diff] [blame]87
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]88 memset(key, 0x2A, sizeof(key));
89 TEST_ASSERT((unsigned) key_size <= 8 * sizeof(key));
Manuel Pégourié-Gonnard9fe0d132014-05-06 12:12:45 +0200[diff] [blame]90
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]91 ret = mbedtls_ccm_setkey(&ctx, cipher_id, key, key_size);
92 TEST_ASSERT(ret == result);
Manuel Pégourié-Gonnard9fe0d132014-05-06 12:12:45 +0200[diff] [blame]93
Paul Bakkerbd51b262014-07-10 15:26:12 +0200[diff] [blame]94exit:
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]95 mbedtls_ccm_free(&ctx);
Valerio Setti45c84fe2023-12-20 09:54:39 +0100[diff] [blame]96 BLOCK_CIPHER_PSA_DONE();
Manuel Pégourié-Gonnard9fe0d132014-05-06 12:12:45 +0200[diff] [blame]97}
98/* END_CASE */
Manuel Pégourié-Gonnard637eb3d2014-05-06 12:13:09 +0200[diff] [blame]99
Valerio Setti689c0f72023-12-20 09:53:39 +0100[diff] [blame]100/* BEGIN_CASE depends_on:MBEDTLS_CCM_GCM_CAN_AES */
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]101void ccm_lengths(int msg_len, int iv_len, int add_len, int tag_len, int res)
Manuel Pégourié-Gonnard87df5ba2014-05-06 18:07:24 +0200[diff] [blame]102{
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]103 mbedtls_ccm_context ctx;
Gilles Peskineefe30762024-10-07 11:11:32 +0200[diff] [blame^]104 mbedtls_ccm_init(&ctx);
Manuel Pégourié-Gonnard87df5ba2014-05-06 18:07:24 +0200[diff] [blame]105 unsigned char key[16];
106 unsigned char msg[10];
107 unsigned char iv[14];
Dave Rodgman2e680342020-10-15 14:00:40 +0100[diff] [blame]108 unsigned char *add = NULL;
Manuel Pégourié-Gonnard87df5ba2014-05-06 18:07:24 +0200[diff] [blame]109 unsigned char out[10];
110 unsigned char tag[18];
111 int decrypt_ret;
112
Valerio Setti10e9aa22023-12-12 11:54:20 +0100[diff] [blame]113 BLOCK_CIPHER_PSA_INIT();
Manuel Pégourié-Gonnard6963ff02015-04-28 18:02:54 +0200[diff] [blame]114
Tom Cosgrove412a8132023-07-20 16:55:14 +0100[diff] [blame]115 TEST_CALLOC_OR_SKIP(add, add_len);
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]116 memset(key, 0, sizeof(key));
117 memset(msg, 0, sizeof(msg));
118 memset(iv, 0, sizeof(iv));
119 memset(out, 0, sizeof(out));
120 memset(tag, 0, sizeof(tag));
Manuel Pégourié-Gonnard87df5ba2014-05-06 18:07:24 +0200[diff] [blame]121
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]122 TEST_ASSERT(mbedtls_ccm_setkey(&ctx, MBEDTLS_CIPHER_ID_AES,
123 key, 8 * sizeof(key)) == 0);
Manuel Pégourié-Gonnard87df5ba2014-05-06 18:07:24 +0200[diff] [blame]124
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]125 TEST_ASSERT(mbedtls_ccm_encrypt_and_tag(&ctx, msg_len, iv, iv_len, add, add_len,
126 msg, out, tag, tag_len) == res);
Manuel Pégourié-Gonnard87df5ba2014-05-06 18:07:24 +0200[diff] [blame]127
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]128 decrypt_ret = mbedtls_ccm_auth_decrypt(&ctx, msg_len, iv, iv_len, add, add_len,
129 msg, out, tag, tag_len);
Manuel Pégourié-Gonnard87df5ba2014-05-06 18:07:24 +0200[diff] [blame]130
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]131 if (res == 0) {
132 TEST_ASSERT(decrypt_ret == MBEDTLS_ERR_CCM_AUTH_FAILED);
133 } else {
134 TEST_ASSERT(decrypt_ret == res);
135 }
Manuel Pégourié-Gonnard87df5ba2014-05-06 18:07:24 +0200[diff] [blame]136
Paul Bakkerbd51b262014-07-10 15:26:12 +0200[diff] [blame]137exit:
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]138 mbedtls_free(add);
139 mbedtls_ccm_free(&ctx);
Valerio Setti10e9aa22023-12-12 11:54:20 +0100[diff] [blame]140 BLOCK_CIPHER_PSA_DONE();
Manuel Pégourié-Gonnard87df5ba2014-05-06 18:07:24 +0200[diff] [blame]141}
142/* END_CASE */
143
Valerio Setti45c84fe2023-12-20 09:54:39 +0100[diff] [blame]144/* BEGIN_CASE depends_on:MBEDTLS_CCM_GCM_CAN_AES */
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]145void ccm_star_lengths(int msg_len, int iv_len, int add_len, int tag_len,
146 int res)
Janos Follath95ab93d2018-05-14 14:32:41 +0100[diff] [blame]147{
148 mbedtls_ccm_context ctx;
Gilles Peskineefe30762024-10-07 11:11:32 +0200[diff] [blame^]149 mbedtls_ccm_init(&ctx);
Janos Follath95ab93d2018-05-14 14:32:41 +0100[diff] [blame]150 unsigned char key[16];
151 unsigned char msg[10];
152 unsigned char iv[14];
153 unsigned char add[10];
154 unsigned char out[10];
155 unsigned char tag[18];
156 int decrypt_ret;
157
Valerio Setti10e9aa22023-12-12 11:54:20 +0100[diff] [blame]158 BLOCK_CIPHER_PSA_INIT();
Janos Follath95ab93d2018-05-14 14:32:41 +0100[diff] [blame]159
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]160 memset(key, 0, sizeof(key));
161 memset(msg, 0, sizeof(msg));
162 memset(iv, 0, sizeof(iv));
163 memset(add, 0, sizeof(add));
164 memset(out, 0, sizeof(out));
165 memset(tag, 0, sizeof(tag));
Janos Follath95ab93d2018-05-14 14:32:41 +0100[diff] [blame]166
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]167 TEST_ASSERT(mbedtls_ccm_setkey(&ctx, MBEDTLS_CIPHER_ID_AES,
168 key, 8 * sizeof(key)) == 0);
Janos Follath95ab93d2018-05-14 14:32:41 +0100[diff] [blame]169
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]170 TEST_ASSERT(mbedtls_ccm_star_encrypt_and_tag(&ctx, msg_len, iv, iv_len,
171 add, add_len, msg, out, tag, tag_len) == res);
Janos Follath95ab93d2018-05-14 14:32:41 +0100[diff] [blame]172
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]173 decrypt_ret = mbedtls_ccm_star_auth_decrypt(&ctx, msg_len, iv, iv_len, add,
174 add_len, msg, out, tag, tag_len);
Janos Follath95ab93d2018-05-14 14:32:41 +0100[diff] [blame]175
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]176 if (res == 0 && tag_len != 0) {
177 TEST_ASSERT(decrypt_ret == MBEDTLS_ERR_CCM_AUTH_FAILED);
178 } else {
179 TEST_ASSERT(decrypt_ret == res);
180 }
Janos Follath95ab93d2018-05-14 14:32:41 +0100[diff] [blame]181
182exit:
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]183 mbedtls_ccm_free(&ctx);
Valerio Setti10e9aa22023-12-12 11:54:20 +0100[diff] [blame]184 BLOCK_CIPHER_PSA_DONE();
Janos Follath95ab93d2018-05-14 14:32:41 +0100[diff] [blame]185}
186/* END_CASE */
187
Manuel Pégourié-Gonnard637eb3d2014-05-06 12:13:09 +0200[diff] [blame]188/* BEGIN_CASE */
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]189void mbedtls_ccm_encrypt_and_tag(int cipher_id, data_t *key,
190 data_t *msg, data_t *iv,
191 data_t *add, data_t *result)
Manuel Pégourié-Gonnard637eb3d2014-05-06 12:13:09 +0200[diff] [blame]192{
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]193 mbedtls_ccm_context ctx;
Gilles Peskineefe30762024-10-07 11:11:32 +0200[diff] [blame^]194 mbedtls_ccm_init(&ctx);
Mateusz Starzyk25a3dfe2021-07-12 14:53:45 +0200[diff] [blame]195 size_t n1, n1_add;
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]196 uint8_t *io_msg_buf = NULL;
197 uint8_t *tag_buf = NULL;
Mateusz Starzyk27a1bef2021-07-13 15:33:19 +0200[diff] [blame]198 const size_t expected_tag_len = result->len - msg->len;
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]199 const uint8_t *expected_tag = result->x + msg->len;
Mateusz Starzyk27a1bef2021-07-13 15:33:19 +0200[diff] [blame]200
201 /* Prepare input/output message buffer */
Tom Cosgrove05b2a872023-07-21 11:31:13 +0100[diff] [blame]202 TEST_CALLOC(io_msg_buf, msg->len);
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]203 if (msg->len != 0) {
204 memcpy(io_msg_buf, msg->x, msg->len);
205 }
Mateusz Starzyk27a1bef2021-07-13 15:33:19 +0200[diff] [blame]206
207 /* Prepare tag buffer */
Tom Cosgrove05b2a872023-07-21 11:31:13 +0100[diff] [blame]208 TEST_CALLOC(tag_buf, expected_tag_len);
Manuel Pégourié-Gonnard637eb3d2014-05-06 12:13:09 +0200[diff] [blame]209
Valerio Setti10e9aa22023-12-12 11:54:20 +0100[diff] [blame]210 BLOCK_CIPHER_PSA_INIT();
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]211 TEST_EQUAL(mbedtls_ccm_setkey(&ctx, cipher_id, key->x, key->len * 8), 0);
Manuel Pégourié-Gonnard0f6b66d2014-05-07 14:43:46 +0200[diff] [blame]212 /* Test with input == output */
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]213 TEST_EQUAL(mbedtls_ccm_encrypt_and_tag(&ctx, msg->len, iv->x, iv->len, add->x, add->len,
214 io_msg_buf, io_msg_buf, tag_buf, expected_tag_len), 0);
Manuel Pégourié-Gonnard637eb3d2014-05-06 12:13:09 +0200[diff] [blame]215
Tom Cosgrovee4e9e7d2023-07-21 11:40:20 +0100[diff] [blame]216 TEST_MEMORY_COMPARE(io_msg_buf, msg->len, result->x, msg->len);
217 TEST_MEMORY_COMPARE(tag_buf, expected_tag_len, expected_tag, expected_tag_len);
Manuel Pégourié-Gonnard637eb3d2014-05-06 12:13:09 +0200[diff] [blame]218
Mateusz Starzykceb5bc62021-07-30 14:36:22 +0200[diff] [blame]219 /* Prepare data_t structures for multipart testing */
Mateusz Starzyk25a3dfe2021-07-12 14:53:45 +0200[diff] [blame]220 const data_t encrypted_expected = { .x = result->x,
221 .len = msg->len };
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]222 const data_t tag_expected = { .x = (uint8_t *) expected_tag, /* cast to conform with data_t x type */
Mateusz Starzyk27a1bef2021-07-13 15:33:19 +0200[diff] [blame]223 .len = expected_tag_len };
Mateusz Starzyk25a3dfe2021-07-12 14:53:45 +0200[diff] [blame]224
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]225 for (n1 = 0; n1 <= msg->len; n1 += 1) {
226 for (n1_add = 0; n1_add <= add->len; n1_add += 1) {
227 mbedtls_test_set_step(n1 * 10000 + n1_add);
228 if (!check_multipart(&ctx, MBEDTLS_CCM_ENCRYPT,
229 iv, add, msg,
230 &encrypted_expected,
231 &tag_expected,
232 n1, n1_add)) {
Mateusz Starzyk25a3dfe2021-07-12 14:53:45 +0200[diff] [blame]233 goto exit;
Mateusz Starzyk29ec75b2021-07-13 12:26:17 +0200[diff] [blame]234 }
235 }
236 }
237
Darryl Green0daf4ca2018-05-29 14:12:26 +0100[diff] [blame]238exit:
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]239 mbedtls_ccm_free(&ctx);
240 mbedtls_free(io_msg_buf);
241 mbedtls_free(tag_buf);
Valerio Setti10e9aa22023-12-12 11:54:20 +0100[diff] [blame]242 BLOCK_CIPHER_PSA_DONE();
Darryl Green0daf4ca2018-05-29 14:12:26 +0100[diff] [blame]243}
244/* END_CASE */
245
246/* BEGIN_CASE */
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]247void mbedtls_ccm_star_no_tag(int cipher_id, int mode, data_t *key,
248 data_t *msg, data_t *iv, data_t *result)
249{
250 mbedtls_ccm_context ctx;
Gilles Peskineefe30762024-10-07 11:11:32 +0200[diff] [blame^]251 mbedtls_ccm_init(&ctx);
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]252 uint8_t *output = NULL;
253 size_t olen;
254
Valerio Setti10e9aa22023-12-12 11:54:20 +0100[diff] [blame]255 BLOCK_CIPHER_PSA_INIT();
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]256 TEST_EQUAL(mbedtls_ccm_setkey(&ctx, cipher_id, key->x, key->len * 8), 0);
257 TEST_EQUAL(0, mbedtls_ccm_starts(&ctx, mode, iv->x, iv->len));
258 TEST_EQUAL(0, mbedtls_ccm_set_lengths(&ctx, 0, msg->len, 0));
259
Tom Cosgrove05b2a872023-07-21 11:31:13 +0100[diff] [blame]260 TEST_CALLOC(output, msg->len);
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]261 TEST_EQUAL(0, mbedtls_ccm_update(&ctx, msg->x, msg->len, output, msg->len, &olen));
262 TEST_EQUAL(result->len, olen);
Tom Cosgrovee4e9e7d2023-07-21 11:40:20 +0100[diff] [blame]263 TEST_MEMORY_COMPARE(output, olen, result->x, result->len);
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]264
265 TEST_EQUAL(0, mbedtls_ccm_finish(&ctx, NULL, 0));
266exit:
267 mbedtls_free(output);
268 mbedtls_ccm_free(&ctx);
Valerio Setti10e9aa22023-12-12 11:54:20 +0100[diff] [blame]269 BLOCK_CIPHER_PSA_DONE();
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]270}
271/* END_CASE */
272
273/* BEGIN_CASE */
274void mbedtls_ccm_auth_decrypt(int cipher_id, data_t *key,
275 data_t *msg, data_t *iv,
276 data_t *add, int expected_tag_len, int result,
277 data_t *expected_msg)
278{
279 mbedtls_ccm_context ctx;
Gilles Peskineefe30762024-10-07 11:11:32 +0200[diff] [blame^]280 mbedtls_ccm_init(&ctx);
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]281 size_t n1, n1_add;
282
283 const size_t expected_msg_len = msg->len - expected_tag_len;
284 const uint8_t *expected_tag = msg->x + expected_msg_len;
285
286 /* Prepare input/output message buffer */
287 uint8_t *io_msg_buf = NULL;
Tom Cosgrove05b2a872023-07-21 11:31:13 +0100[diff] [blame]288 TEST_CALLOC(io_msg_buf, expected_msg_len);
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]289 if (expected_msg_len) {
290 memcpy(io_msg_buf, msg->x, expected_msg_len);
291 }
292
Valerio Setti10e9aa22023-12-12 11:54:20 +0100[diff] [blame]293 BLOCK_CIPHER_PSA_INIT();
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]294 TEST_EQUAL(mbedtls_ccm_setkey(&ctx, cipher_id, key->x, key->len * 8), 0);
295 /* Test with input == output */
296 TEST_EQUAL(mbedtls_ccm_auth_decrypt(&ctx, expected_msg_len, iv->x, iv->len, add->x, add->len,
297 io_msg_buf, io_msg_buf, expected_tag, expected_tag_len),
298 result);
299
300 if (result == 0) {
Tom Cosgrovee4e9e7d2023-07-21 11:40:20 +0100[diff] [blame]301 TEST_MEMORY_COMPARE(io_msg_buf, expected_msg_len, expected_msg->x, expected_msg_len);
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]302
303 /* Prepare data_t structures for multipart testing */
304 const data_t encrypted = { .x = msg->x,
305 .len = expected_msg_len };
306
307 const data_t tag_expected = { .x = (uint8_t *) expected_tag,
308 .len = expected_tag_len };
309
310 for (n1 = 0; n1 <= expected_msg_len; n1 += 1) {
311 for (n1_add = 0; n1_add <= add->len; n1_add += 1) {
312 mbedtls_test_set_step(n1 * 10000 + n1_add);
313 if (!check_multipart(&ctx, MBEDTLS_CCM_DECRYPT,
314 iv, add, &encrypted,
315 expected_msg,
316 &tag_expected,
317 n1, n1_add)) {
318 goto exit;
319 }
320 }
321 }
322 } else {
323 size_t i;
324
325 for (i = 0; i < expected_msg_len; i++) {
326 TEST_EQUAL(io_msg_buf[i], 0);
327 }
328 }
329
330exit:
331 mbedtls_free(io_msg_buf);
332 mbedtls_ccm_free(&ctx);
Valerio Setti10e9aa22023-12-12 11:54:20 +0100[diff] [blame]333 BLOCK_CIPHER_PSA_DONE();
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]334}
335/* END_CASE */
336
337/* BEGIN_CASE */
338void mbedtls_ccm_star_encrypt_and_tag(int cipher_id,
339 data_t *key, data_t *msg,
340 data_t *source_address, data_t *frame_counter,
341 int sec_level, data_t *add,
342 data_t *expected_result, int output_ret)
343{
344 unsigned char iv[13];
345 mbedtls_ccm_context ctx;
Gilles Peskineefe30762024-10-07 11:11:32 +0200[diff] [blame^]346 mbedtls_ccm_init(&ctx);
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]347 size_t iv_len, expected_tag_len;
348 size_t n1, n1_add;
349 uint8_t *io_msg_buf = NULL;
350 uint8_t *tag_buf = NULL;
351
352 const uint8_t *expected_tag = expected_result->x + msg->len;
353
354 /* Calculate tag length */
355 if (sec_level % 4 == 0) {
356 expected_tag_len = 0;
357 } else {
358 expected_tag_len = 1 << (sec_level % 4 + 1);
359 }
360
361 /* Prepare input/output message buffer */
Tom Cosgrove05b2a872023-07-21 11:31:13 +0100[diff] [blame]362 TEST_CALLOC(io_msg_buf, msg->len);
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]363 if (msg->len) {
364 memcpy(io_msg_buf, msg->x, msg->len);
365 }
366
367 /* Prepare tag buffer */
368 if (expected_tag_len == 0) {
Tom Cosgrove05b2a872023-07-21 11:31:13 +0100[diff] [blame]369 TEST_CALLOC(tag_buf, 16);
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]370 } else {
Tom Cosgrove05b2a872023-07-21 11:31:13 +0100[diff] [blame]371 TEST_CALLOC(tag_buf, expected_tag_len);
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]372 }
373
374 /* Calculate iv */
375 TEST_ASSERT(source_address->len == 8);
376 TEST_ASSERT(frame_counter->len == 4);
377 memcpy(iv, source_address->x, source_address->len);
378 memcpy(iv + source_address->len, frame_counter->x, frame_counter->len);
379 iv[source_address->len + frame_counter->len] = sec_level;
380 iv_len = sizeof(iv);
381
Valerio Setti10e9aa22023-12-12 11:54:20 +0100[diff] [blame]382 BLOCK_CIPHER_PSA_INIT();
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]383 TEST_EQUAL(mbedtls_ccm_setkey(&ctx, cipher_id,
384 key->x, key->len * 8), 0);
385 /* Test with input == output */
386 TEST_EQUAL(mbedtls_ccm_star_encrypt_and_tag(&ctx, msg->len, iv, iv_len,
387 add->x, add->len, io_msg_buf,
388 io_msg_buf, tag_buf, expected_tag_len), output_ret);
389
Tom Cosgrovee4e9e7d2023-07-21 11:40:20 +0100[diff] [blame]390 TEST_MEMORY_COMPARE(io_msg_buf, msg->len, expected_result->x, msg->len);
391 TEST_MEMORY_COMPARE(tag_buf, expected_tag_len, expected_tag, expected_tag_len);
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]392
393 if (output_ret == 0) {
394 const data_t iv_data = { .x = iv,
395 .len = iv_len };
396
397 const data_t encrypted_expected = { .x = expected_result->x,
398 .len = msg->len };
399 const data_t tag_expected = { .x = (uint8_t *) expected_tag,
400 .len = expected_tag_len };
401
402 for (n1 = 0; n1 <= msg->len; n1 += 1) {
403 for (n1_add = 0; n1_add <= add->len; n1_add += 1) {
404 mbedtls_test_set_step(n1 * 10000 + n1_add);
405 if (!check_multipart(&ctx, MBEDTLS_CCM_STAR_ENCRYPT,
406 &iv_data, add, msg,
407 &encrypted_expected,
408 &tag_expected,
409 n1, n1_add)) {
410 goto exit;
411 }
412 }
413 }
414 }
415
416exit:
417 mbedtls_ccm_free(&ctx);
418 mbedtls_free(io_msg_buf);
419 mbedtls_free(tag_buf);
Valerio Setti10e9aa22023-12-12 11:54:20 +0100[diff] [blame]420 BLOCK_CIPHER_PSA_DONE();
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]421}
422/* END_CASE */
423
424/* BEGIN_CASE */
425void mbedtls_ccm_star_auth_decrypt(int cipher_id,
426 data_t *key, data_t *msg,
427 data_t *source_address, data_t *frame_counter,
428 int sec_level, data_t *add,
429 data_t *expected_result, int output_ret)
Darryl Green0daf4ca2018-05-29 14:12:26 +0100[diff] [blame]430{
Darryl Green0daf4ca2018-05-29 14:12:26 +0100[diff] [blame]431 unsigned char iv[13];
Darryl Green0daf4ca2018-05-29 14:12:26 +0100[diff] [blame]432 mbedtls_ccm_context ctx;
Gilles Peskineefe30762024-10-07 11:11:32 +0200[diff] [blame^]433 mbedtls_ccm_init(&ctx);
Mateusz Starzyk27a1bef2021-07-13 15:33:19 +0200[diff] [blame]434 size_t iv_len, expected_tag_len;
Mateusz Starzyk29ec75b2021-07-13 12:26:17 +0200[diff] [blame]435 size_t n1, n1_add;
Darryl Green0daf4ca2018-05-29 14:12:26 +0100[diff] [blame]436
Mateusz Starzyk27a1bef2021-07-13 15:33:19 +0200[diff] [blame]437 /* Calculate tag length */
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]438 if (sec_level % 4 == 0) {
Mateusz Starzyk27a1bef2021-07-13 15:33:19 +0200[diff] [blame]439 expected_tag_len = 0;
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]440 } else {
441 expected_tag_len = 1 << (sec_level % 4 + 1);
442 }
Darryl Green0daf4ca2018-05-29 14:12:26 +0100[diff] [blame]443
Mateusz Starzyk27a1bef2021-07-13 15:33:19 +0200[diff] [blame]444 const size_t expected_msg_len = msg->len - expected_tag_len;
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]445 const uint8_t *expected_tag = msg->x + expected_msg_len;
Mateusz Starzyk27a1bef2021-07-13 15:33:19 +0200[diff] [blame]446
447 /* Prepare input/output message buffer */
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]448 uint8_t *io_msg_buf = NULL;
Tom Cosgrove05b2a872023-07-21 11:31:13 +0100[diff] [blame]449 TEST_CALLOC(io_msg_buf, expected_msg_len);
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]450 if (expected_msg_len) {
451 memcpy(io_msg_buf, msg->x, expected_msg_len);
452 }
Mateusz Starzyk27a1bef2021-07-13 15:33:19 +0200[diff] [blame]453
454 /* Calculate iv */
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]455 memset(iv, 0x00, sizeof(iv));
456 TEST_ASSERT(source_address->len == 8);
457 TEST_ASSERT(frame_counter->len == 4);
458 memcpy(iv, source_address->x, source_address->len);
459 memcpy(iv + source_address->len, frame_counter->x, frame_counter->len);
Ronald Cron9ed40732020-06-25 09:03:34 +0200[diff] [blame]460 iv[source_address->len + frame_counter->len] = sec_level;
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]461 iv_len = sizeof(iv);
Darryl Green0daf4ca2018-05-29 14:12:26 +0100[diff] [blame]462
Valerio Setti10e9aa22023-12-12 11:54:20 +0100[diff] [blame]463 BLOCK_CIPHER_PSA_INIT();
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]464 TEST_ASSERT(mbedtls_ccm_setkey(&ctx, cipher_id, key->x, key->len * 8) == 0);
Mateusz Starzyk27a1bef2021-07-13 15:33:19 +0200[diff] [blame]465 /* Test with input == output */
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]466 TEST_EQUAL(mbedtls_ccm_star_auth_decrypt(&ctx, expected_msg_len, iv, iv_len,
467 add->x, add->len, io_msg_buf, io_msg_buf,
468 expected_tag, expected_tag_len), output_ret);
Darryl Green0daf4ca2018-05-29 14:12:26 +0100[diff] [blame]469
Tom Cosgrovee4e9e7d2023-07-21 11:40:20 +0100[diff] [blame]470 TEST_MEMORY_COMPARE(io_msg_buf, expected_msg_len, expected_result->x, expected_msg_len);
Darryl Green0daf4ca2018-05-29 14:12:26 +0100[diff] [blame]471
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]472 if (output_ret == 0) {
Mateusz Starzyk29ec75b2021-07-13 12:26:17 +0200[diff] [blame]473 const data_t iv_data = { .x = iv,
474 .len = iv_len };
475
Mateusz Starzyk27a1bef2021-07-13 15:33:19 +0200[diff] [blame]476 const data_t encrypted = { .x = msg->x,
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]477 .len = expected_msg_len };
Mateusz Starzyk29ec75b2021-07-13 12:26:17 +0200[diff] [blame]478
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]479 const data_t tag_expected = { .x = (uint8_t *) expected_tag,
Mateusz Starzyk27a1bef2021-07-13 15:33:19 +0200[diff] [blame]480 .len = expected_tag_len };
481
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]482 for (n1 = 0; n1 <= expected_msg_len; n1 += 1) {
483 for (n1_add = 0; n1_add <= add->len; n1_add += 1) {
484 mbedtls_test_set_step(n1 * 10000 + n1_add);
485 if (!check_multipart(&ctx, MBEDTLS_CCM_STAR_DECRYPT,
486 &iv_data, add, &encrypted,
487 expected_result,
488 &tag_expected,
489 n1, n1_add)) {
Mateusz Starzyk29ec75b2021-07-13 12:26:17 +0200[diff] [blame]490 goto exit;
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]491 }
492 }
Mateusz Starzyk29ec75b2021-07-13 12:26:17 +0200[diff] [blame]493 }
494 }
495
Darryl Green0daf4ca2018-05-29 14:12:26 +0100[diff] [blame]496exit:
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]497 mbedtls_ccm_free(&ctx);
498 mbedtls_free(io_msg_buf);
Valerio Setti10e9aa22023-12-12 11:54:20 +0100[diff] [blame]499 BLOCK_CIPHER_PSA_DONE();
Darryl Green0daf4ca2018-05-29 14:12:26 +0100[diff] [blame]500}
501/* END_CASE */
Mateusz Starzyk87889062021-07-29 14:08:18 +0200[diff] [blame]502
Mateusz Starzyk8fb17542021-08-10 13:45:19 +0200[diff] [blame]503/* Skip auth data, provide full text */
Mateusz Starzyk87889062021-07-29 14:08:18 +0200[diff] [blame]504/* BEGIN_CASE */
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]505void mbedtls_ccm_skip_ad(int cipher_id, int mode,
506 data_t *key, data_t *msg, data_t *iv,
507 data_t *result, data_t *tag)
Mateusz Starzyk87889062021-07-29 14:08:18 +0200[diff] [blame]508{
509 mbedtls_ccm_context ctx;
Gilles Peskineefe30762024-10-07 11:11:32 +0200[diff] [blame^]510 mbedtls_ccm_init(&ctx);
Mateusz Starzyk87889062021-07-29 14:08:18 +0200[diff] [blame]511 uint8_t *output = NULL;
512 size_t olen;
513
514 /* Sanity checks on the test data */
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]515 TEST_EQUAL(msg->len, result->len);
Mateusz Starzyk87889062021-07-29 14:08:18 +0200[diff] [blame]516
Valerio Setti10e9aa22023-12-12 11:54:20 +0100[diff] [blame]517 BLOCK_CIPHER_PSA_INIT();
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]518 TEST_EQUAL(mbedtls_ccm_setkey(&ctx, cipher_id, key->x, key->len * 8), 0);
519 TEST_EQUAL(0, mbedtls_ccm_starts(&ctx, mode, iv->x, iv->len));
520 TEST_EQUAL(0, mbedtls_ccm_set_lengths(&ctx, 0, msg->len, tag->len));
Mateusz Starzyk87889062021-07-29 14:08:18 +0200[diff] [blame]521
Tom Cosgrove05b2a872023-07-21 11:31:13 +0100[diff] [blame]522 TEST_CALLOC(output, result->len);
Mateusz Starzyk87889062021-07-29 14:08:18 +0200[diff] [blame]523 olen = 0xdeadbeef;
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]524 TEST_EQUAL(0, mbedtls_ccm_update(&ctx, msg->x, msg->len, output, result->len, &olen));
525 TEST_EQUAL(result->len, olen);
Tom Cosgrovee4e9e7d2023-07-21 11:40:20 +0100[diff] [blame]526 TEST_MEMORY_COMPARE(output, olen, result->x, result->len);
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]527 mbedtls_free(output);
Mateusz Starzyk87889062021-07-29 14:08:18 +0200[diff] [blame]528 output = NULL;
529
Tom Cosgrove05b2a872023-07-21 11:31:13 +0100[diff] [blame]530 TEST_CALLOC(output, tag->len);
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]531 TEST_EQUAL(0, mbedtls_ccm_finish(&ctx, output, tag->len));
Tom Cosgrovee4e9e7d2023-07-21 11:40:20 +0100[diff] [blame]532 TEST_MEMORY_COMPARE(output, tag->len, tag->x, tag->len);
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]533 mbedtls_free(output);
Mateusz Starzyk87889062021-07-29 14:08:18 +0200[diff] [blame]534 output = NULL;
535
536exit:
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]537 mbedtls_free(output);
538 mbedtls_ccm_free(&ctx);
Valerio Setti10e9aa22023-12-12 11:54:20 +0100[diff] [blame]539 BLOCK_CIPHER_PSA_DONE();
Mateusz Starzyk87889062021-07-29 14:08:18 +0200[diff] [blame]540}
541/* END_CASE */
542
Mateusz Starzyk8fb17542021-08-10 13:45:19 +0200[diff] [blame]543/* Provide auth data, skip full text */
Mateusz Starzyk87889062021-07-29 14:08:18 +0200[diff] [blame]544/* BEGIN_CASE */
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]545void mbedtls_ccm_skip_update(int cipher_id, int mode,
546 data_t *key, data_t *iv, data_t *add,
547 data_t *tag)
Mateusz Starzyk87889062021-07-29 14:08:18 +0200[diff] [blame]548{
549 mbedtls_ccm_context ctx;
Gilles Peskineefe30762024-10-07 11:11:32 +0200[diff] [blame^]550 mbedtls_ccm_init(&ctx);
Mateusz Starzyk87889062021-07-29 14:08:18 +0200[diff] [blame]551 uint8_t *output = NULL;
552
Valerio Setti10e9aa22023-12-12 11:54:20 +0100[diff] [blame]553 BLOCK_CIPHER_PSA_INIT();
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]554 TEST_EQUAL(mbedtls_ccm_setkey(&ctx, cipher_id, key->x, key->len * 8), 0);
555 TEST_EQUAL(0, mbedtls_ccm_starts(&ctx, mode, iv->x, iv->len));
556 TEST_EQUAL(0, mbedtls_ccm_set_lengths(&ctx, add->len, 0, tag->len));
Mateusz Starzyk87889062021-07-29 14:08:18 +0200[diff] [blame]557
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]558 TEST_EQUAL(0, mbedtls_ccm_update_ad(&ctx, add->x, add->len));
Mateusz Starzyk87889062021-07-29 14:08:18 +0200[diff] [blame]559
Tom Cosgrove05b2a872023-07-21 11:31:13 +0100[diff] [blame]560 TEST_CALLOC(output, tag->len);
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]561 TEST_EQUAL(0, mbedtls_ccm_finish(&ctx, output, tag->len));
Tom Cosgrovee4e9e7d2023-07-21 11:40:20 +0100[diff] [blame]562 TEST_MEMORY_COMPARE(output, tag->len, tag->x, tag->len);
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]563 mbedtls_free(output);
Mateusz Starzyk87889062021-07-29 14:08:18 +0200[diff] [blame]564 output = NULL;
565
566exit:
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]567 mbedtls_free(output);
568 mbedtls_ccm_free(&ctx);
Valerio Setti10e9aa22023-12-12 11:54:20 +0100[diff] [blame]569 BLOCK_CIPHER_PSA_DONE();
Mateusz Starzyk87889062021-07-29 14:08:18 +0200[diff] [blame]570}
571/* END_CASE */
572
Mateusz Starzyk8fb17542021-08-10 13:45:19 +0200[diff] [blame]573/* Provide too much auth data */
Mateusz Starzyk87889062021-07-29 14:08:18 +0200[diff] [blame]574/* BEGIN_CASE */
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]575void mbedtls_ccm_overflow_ad(int cipher_id, int mode,
576 data_t *key, data_t *iv,
577 data_t *add)
Mateusz Starzyk87889062021-07-29 14:08:18 +0200[diff] [blame]578{
579 mbedtls_ccm_context ctx;
Gilles Peskineefe30762024-10-07 11:11:32 +0200[diff] [blame^]580 mbedtls_ccm_init(&ctx);
Mateusz Starzyk87889062021-07-29 14:08:18 +0200[diff] [blame]581
Valerio Setti10e9aa22023-12-12 11:54:20 +0100[diff] [blame]582 BLOCK_CIPHER_PSA_INIT();
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]583 TEST_EQUAL(mbedtls_ccm_setkey(&ctx, cipher_id, key->x, key->len * 8), 0);
584 TEST_EQUAL(0, mbedtls_ccm_starts(&ctx, mode, iv->x, iv->len));
Mateusz Starzyk87889062021-07-29 14:08:18 +0200[diff] [blame]585 // use hardcoded values for msg length and tag length. They are not a part of this test
Mateusz Starzyk3050f052021-09-02 12:38:51 +0200[diff] [blame]586 // subtract 1 from configured auth data length to provoke an overflow
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]587 TEST_EQUAL(0, mbedtls_ccm_set_lengths(&ctx, add->len - 1, 16, 16));
Mateusz Starzyk87889062021-07-29 14:08:18 +0200[diff] [blame]588
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]589 TEST_EQUAL(MBEDTLS_ERR_CCM_BAD_INPUT, mbedtls_ccm_update_ad(&ctx, add->x, add->len));
Mateusz Starzyk87889062021-07-29 14:08:18 +0200[diff] [blame]590exit:
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]591 mbedtls_ccm_free(&ctx);
Valerio Setti10e9aa22023-12-12 11:54:20 +0100[diff] [blame]592 BLOCK_CIPHER_PSA_DONE();
Mateusz Starzyk87889062021-07-29 14:08:18 +0200[diff] [blame]593}
594/* END_CASE */
595
Mateusz Starzyk83e4c122021-09-03 14:07:21 +0200[diff] [blame]596/* Provide unexpected auth data */
597/* BEGIN_CASE */
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]598void mbedtls_ccm_unexpected_ad(int cipher_id, int mode,
599 data_t *key, data_t *iv,
600 data_t *add)
Mateusz Starzyk83e4c122021-09-03 14:07:21 +0200[diff] [blame]601{
602 mbedtls_ccm_context ctx;
Gilles Peskineefe30762024-10-07 11:11:32 +0200[diff] [blame^]603 mbedtls_ccm_init(&ctx);
Mateusz Starzyk83e4c122021-09-03 14:07:21 +0200[diff] [blame]604
Valerio Setti10e9aa22023-12-12 11:54:20 +0100[diff] [blame]605 BLOCK_CIPHER_PSA_INIT();
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]606 TEST_EQUAL(mbedtls_ccm_setkey(&ctx, cipher_id, key->x, key->len * 8), 0);
607 TEST_EQUAL(0, mbedtls_ccm_starts(&ctx, mode, iv->x, iv->len));
Mateusz Starzyk83e4c122021-09-03 14:07:21 +0200[diff] [blame]608 // use hardcoded values for msg length and tag length. They are not a part of this test
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]609 TEST_EQUAL(0, mbedtls_ccm_set_lengths(&ctx, 0, 16, 16));
Mateusz Starzyk83e4c122021-09-03 14:07:21 +0200[diff] [blame]610
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]611 TEST_EQUAL(MBEDTLS_ERR_CCM_BAD_INPUT, mbedtls_ccm_update_ad(&ctx, add->x, add->len));
Mateusz Starzyk83e4c122021-09-03 14:07:21 +0200[diff] [blame]612exit:
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]613 mbedtls_ccm_free(&ctx);
Valerio Setti10e9aa22023-12-12 11:54:20 +0100[diff] [blame]614 BLOCK_CIPHER_PSA_DONE();
Mateusz Starzyk83e4c122021-09-03 14:07:21 +0200[diff] [blame]615}
616/* END_CASE */
617
618/* Provide unexpected plaintext/ciphertext data */
619/* BEGIN_CASE */
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]620void mbedtls_ccm_unexpected_text(int cipher_id, int mode,
621 data_t *key, data_t *msg, data_t *iv,
622 data_t *add)
Mateusz Starzyk83e4c122021-09-03 14:07:21 +0200[diff] [blame]623{
624 mbedtls_ccm_context ctx;
Gilles Peskineefe30762024-10-07 11:11:32 +0200[diff] [blame^]625 mbedtls_ccm_init(&ctx);
Mateusz Starzyk83e4c122021-09-03 14:07:21 +0200[diff] [blame]626 uint8_t *output = NULL;
627 size_t olen;
628
Valerio Setti10e9aa22023-12-12 11:54:20 +0100[diff] [blame]629 BLOCK_CIPHER_PSA_INIT();
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]630 TEST_EQUAL(mbedtls_ccm_setkey(&ctx, cipher_id, key->x, key->len * 8), 0);
631 TEST_EQUAL(0, mbedtls_ccm_starts(&ctx, mode, iv->x, iv->len));
Mateusz Starzyk83e4c122021-09-03 14:07:21 +0200[diff] [blame]632 // use hardcoded value for tag length. It is not a part of this test
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]633 TEST_EQUAL(0, mbedtls_ccm_set_lengths(&ctx, add->len, 0, 16));
Mateusz Starzyk83e4c122021-09-03 14:07:21 +0200[diff] [blame]634
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]635 TEST_EQUAL(0, mbedtls_ccm_update_ad(&ctx, add->x, add->len));
Mateusz Starzyk83e4c122021-09-03 14:07:21 +0200[diff] [blame]636
Tom Cosgrove05b2a872023-07-21 11:31:13 +0100[diff] [blame]637 TEST_CALLOC(output, msg->len);
Mateusz Starzyk83e4c122021-09-03 14:07:21 +0200[diff] [blame]638 olen = 0xdeadbeef;
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]639 TEST_EQUAL(MBEDTLS_ERR_CCM_BAD_INPUT,
640 mbedtls_ccm_update(&ctx, msg->x, msg->len, output, msg->len, &olen));
Mateusz Starzyk83e4c122021-09-03 14:07:21 +0200[diff] [blame]641exit:
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]642 mbedtls_free(output);
643 mbedtls_ccm_free(&ctx);
Valerio Setti10e9aa22023-12-12 11:54:20 +0100[diff] [blame]644 BLOCK_CIPHER_PSA_DONE();
Mateusz Starzyk83e4c122021-09-03 14:07:21 +0200[diff] [blame]645}
646/* END_CASE */
647
Mateusz Starzyk8fb17542021-08-10 13:45:19 +0200[diff] [blame]648/* Provide incomplete auth data and finish */
Mateusz Starzyk87889062021-07-29 14:08:18 +0200[diff] [blame]649/* BEGIN_CASE */
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]650void mbedtls_ccm_incomplete_ad(int cipher_id, int mode,
651 data_t *key, data_t *iv, data_t *add)
Mateusz Starzykf442de62021-08-10 13:36:43 +0200[diff] [blame]652{
653 mbedtls_ccm_context ctx;
Gilles Peskineefe30762024-10-07 11:11:32 +0200[diff] [blame^]654 mbedtls_ccm_init(&ctx);
Mateusz Starzykf442de62021-08-10 13:36:43 +0200[diff] [blame]655 uint8_t *output = NULL;
656
Valerio Setti10e9aa22023-12-12 11:54:20 +0100[diff] [blame]657 BLOCK_CIPHER_PSA_INIT();
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]658 TEST_EQUAL(mbedtls_ccm_setkey(&ctx, cipher_id, key->x, key->len * 8), 0);
659 TEST_EQUAL(0, mbedtls_ccm_starts(&ctx, mode, iv->x, iv->len));
Mateusz Starzykf442de62021-08-10 13:36:43 +0200[diff] [blame]660 // use hardcoded values for msg length and tag length. They are not a part of this test
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]661 TEST_EQUAL(0, mbedtls_ccm_set_lengths(&ctx, add->len, 0, 16));
Mateusz Starzykf442de62021-08-10 13:36:43 +0200[diff] [blame]662
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]663 TEST_EQUAL(0, mbedtls_ccm_update_ad(&ctx, add->x, add->len - 1));
Mateusz Starzykf442de62021-08-10 13:36:43 +0200[diff] [blame]664
Tom Cosgrove05b2a872023-07-21 11:31:13 +0100[diff] [blame]665 TEST_CALLOC(output, 16);
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]666 TEST_EQUAL(MBEDTLS_ERR_CCM_BAD_INPUT, mbedtls_ccm_finish(&ctx, output, 16));
Mateusz Starzykf442de62021-08-10 13:36:43 +0200[diff] [blame]667
668exit:
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]669 mbedtls_free(output);
670 mbedtls_ccm_free(&ctx);
Valerio Setti10e9aa22023-12-12 11:54:20 +0100[diff] [blame]671 BLOCK_CIPHER_PSA_DONE();
Mateusz Starzykf442de62021-08-10 13:36:43 +0200[diff] [blame]672}
673/* END_CASE */
674
Mateusz Starzyk8fb17542021-08-10 13:45:19 +0200[diff] [blame]675/* Provide complete auth data on first update_ad.
676 * Provide unexpected auth data on second update_ad */
Mateusz Starzykf442de62021-08-10 13:36:43 +0200[diff] [blame]677/* BEGIN_CASE */
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]678void mbedtls_ccm_full_ad_and_overflow(int cipher_id, int mode,
679 data_t *key, data_t *iv,
680 data_t *add)
Mateusz Starzykf442de62021-08-10 13:36:43 +0200[diff] [blame]681{
682 mbedtls_ccm_context ctx;
Gilles Peskineefe30762024-10-07 11:11:32 +0200[diff] [blame^]683 mbedtls_ccm_init(&ctx);
Mateusz Starzykf442de62021-08-10 13:36:43 +0200[diff] [blame]684
Valerio Setti10e9aa22023-12-12 11:54:20 +0100[diff] [blame]685 BLOCK_CIPHER_PSA_INIT();
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]686 TEST_EQUAL(mbedtls_ccm_setkey(&ctx, cipher_id, key->x, key->len * 8), 0);
687 TEST_EQUAL(0, mbedtls_ccm_starts(&ctx, mode, iv->x, iv->len));
Mateusz Starzykf442de62021-08-10 13:36:43 +0200[diff] [blame]688 // use hardcoded values for msg length and tag length. They are not a part of this test
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]689 TEST_EQUAL(0, mbedtls_ccm_set_lengths(&ctx, add->len, 16, 16));
Mateusz Starzykf442de62021-08-10 13:36:43 +0200[diff] [blame]690
691 // pass full auth data
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]692 TEST_EQUAL(0, mbedtls_ccm_update_ad(&ctx, add->x, add->len));
Mateusz Starzykf442de62021-08-10 13:36:43 +0200[diff] [blame]693 // pass 1 extra byte
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]694 TEST_EQUAL(MBEDTLS_ERR_CCM_BAD_INPUT, mbedtls_ccm_update_ad(&ctx, add->x, 1));
Mateusz Starzykf442de62021-08-10 13:36:43 +0200[diff] [blame]695exit:
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]696 mbedtls_ccm_free(&ctx);
Valerio Setti10e9aa22023-12-12 11:54:20 +0100[diff] [blame]697 BLOCK_CIPHER_PSA_DONE();
Mateusz Starzykf442de62021-08-10 13:36:43 +0200[diff] [blame]698}
699/* END_CASE */
700
Mateusz Starzykcd975e42021-09-02 13:25:19 +0200[diff] [blame]701/* Provide incomplete auth data on first update_ad.
702 * Provide too much auth data on second update_ad */
703/* BEGIN_CASE */
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]704void mbedtls_ccm_incomplete_ad_and_overflow(int cipher_id, int mode,
705 data_t *key, data_t *iv,
706 data_t *add)
Mateusz Starzykcd975e42021-09-02 13:25:19 +0200[diff] [blame]707{
708 mbedtls_ccm_context ctx;
Gilles Peskineefe30762024-10-07 11:11:32 +0200[diff] [blame^]709 mbedtls_ccm_init(&ctx);
Ronald Cron133740b2021-09-17 09:38:07 +0200[diff] [blame]710 uint8_t add_second_buffer[2];
Mateusz Starzykcd975e42021-09-02 13:25:19 +0200[diff] [blame]711
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]712 add_second_buffer[0] = add->x[add->len - 1];
Ronald Cron133740b2021-09-17 09:38:07 +0200[diff] [blame]713 add_second_buffer[1] = 0xAB; // some magic value
Mateusz Starzykcd975e42021-09-02 13:25:19 +0200[diff] [blame]714
Valerio Setti10e9aa22023-12-12 11:54:20 +0100[diff] [blame]715 BLOCK_CIPHER_PSA_INIT();
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]716 TEST_EQUAL(mbedtls_ccm_setkey(&ctx, cipher_id, key->x, key->len * 8), 0);
717 TEST_EQUAL(0, mbedtls_ccm_starts(&ctx, mode, iv->x, iv->len));
Mateusz Starzykcd975e42021-09-02 13:25:19 +0200[diff] [blame]718 // use hardcoded values for msg length and tag length. They are not a part of this test
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]719 TEST_EQUAL(0, mbedtls_ccm_set_lengths(&ctx, add->len, 16, 16));
Mateusz Starzykcd975e42021-09-02 13:25:19 +0200[diff] [blame]720
721 // pass incomplete auth data
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]722 TEST_EQUAL(0, mbedtls_ccm_update_ad(&ctx, add->x, add->len - 1));
Mateusz Starzykcd975e42021-09-02 13:25:19 +0200[diff] [blame]723 // pass 2 extra bytes (1 missing byte from previous incomplete pass, and 1 unexpected byte)
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]724 TEST_EQUAL(MBEDTLS_ERR_CCM_BAD_INPUT, mbedtls_ccm_update_ad(&ctx, add_second_buffer, 2));
Mateusz Starzykcd975e42021-09-02 13:25:19 +0200[diff] [blame]725exit:
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]726 mbedtls_ccm_free(&ctx);
Valerio Setti10e9aa22023-12-12 11:54:20 +0100[diff] [blame]727 BLOCK_CIPHER_PSA_DONE();
Mateusz Starzykcd975e42021-09-02 13:25:19 +0200[diff] [blame]728}
729/* END_CASE */
730
Mateusz Starzyk8fb17542021-08-10 13:45:19 +0200[diff] [blame]731/* Provide too much plaintext/ciphertext */
Mateusz Starzykf442de62021-08-10 13:36:43 +0200[diff] [blame]732/* BEGIN_CASE */
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]733void mbedtls_ccm_overflow_update(int cipher_id, int mode,
734 data_t *key, data_t *msg, data_t *iv,
735 data_t *add)
Mateusz Starzyk87889062021-07-29 14:08:18 +0200[diff] [blame]736{
737 mbedtls_ccm_context ctx;
Gilles Peskineefe30762024-10-07 11:11:32 +0200[diff] [blame^]738 mbedtls_ccm_init(&ctx);
Mateusz Starzyk87889062021-07-29 14:08:18 +0200[diff] [blame]739 uint8_t *output = NULL;
740 size_t olen;
741
Valerio Setti10e9aa22023-12-12 11:54:20 +0100[diff] [blame]742 BLOCK_CIPHER_PSA_INIT();
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]743 TEST_EQUAL(mbedtls_ccm_setkey(&ctx, cipher_id, key->x, key->len * 8), 0);
744 TEST_EQUAL(0, mbedtls_ccm_starts(&ctx, mode, iv->x, iv->len));
Mateusz Starzyk87889062021-07-29 14:08:18 +0200[diff] [blame]745 // use hardcoded value for tag length. It is a not a part of this test
Mateusz Starzyk3050f052021-09-02 12:38:51 +0200[diff] [blame]746 // subtract 1 from configured msg length to provoke an overflow
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]747 TEST_EQUAL(0, mbedtls_ccm_set_lengths(&ctx, add->len, msg->len - 1, 16));
Mateusz Starzyk87889062021-07-29 14:08:18 +0200[diff] [blame]748
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]749 TEST_EQUAL(0, mbedtls_ccm_update_ad(&ctx, add->x, add->len));
Mateusz Starzyk87889062021-07-29 14:08:18 +0200[diff] [blame]750
Tom Cosgrove05b2a872023-07-21 11:31:13 +0100[diff] [blame]751 TEST_CALLOC(output, msg->len);
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]752 TEST_EQUAL(MBEDTLS_ERR_CCM_BAD_INPUT, \
753 mbedtls_ccm_update(&ctx, msg->x, msg->len, output, msg->len, &olen));
Mateusz Starzyk87889062021-07-29 14:08:18 +0200[diff] [blame]754exit:
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]755 mbedtls_free(output);
756 mbedtls_ccm_free(&ctx);
Valerio Setti10e9aa22023-12-12 11:54:20 +0100[diff] [blame]757 BLOCK_CIPHER_PSA_DONE();
Mateusz Starzyk87889062021-07-29 14:08:18 +0200[diff] [blame]758}
759/* END_CASE */
Mateusz Starzykf442de62021-08-10 13:36:43 +0200[diff] [blame]760
Mateusz Starzyk8fb17542021-08-10 13:45:19 +0200[diff] [blame]761/* Provide incomplete plaintext/ciphertext and finish */
Mateusz Starzykf442de62021-08-10 13:36:43 +0200[diff] [blame]762/* BEGIN_CASE */
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]763void mbedtls_ccm_incomplete_update(int cipher_id, int mode,
764 data_t *key, data_t *msg, data_t *iv,
765 data_t *add)
Mateusz Starzykf442de62021-08-10 13:36:43 +0200[diff] [blame]766{
767 mbedtls_ccm_context ctx;
Gilles Peskineefe30762024-10-07 11:11:32 +0200[diff] [blame^]768 mbedtls_ccm_init(&ctx);
Mateusz Starzykf442de62021-08-10 13:36:43 +0200[diff] [blame]769 uint8_t *output = NULL;
770 size_t olen;
771
Valerio Setti10e9aa22023-12-12 11:54:20 +0100[diff] [blame]772 BLOCK_CIPHER_PSA_INIT();
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]773 TEST_EQUAL(mbedtls_ccm_setkey(&ctx, cipher_id, key->x, key->len * 8), 0);
774 TEST_EQUAL(0, mbedtls_ccm_starts(&ctx, mode, iv->x, iv->len));
Mateusz Starzykf442de62021-08-10 13:36:43 +0200[diff] [blame]775 // use hardcoded value for tag length. It is not a part of this test
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]776 TEST_EQUAL(0, mbedtls_ccm_set_lengths(&ctx, add->len, msg->len, 16));
Mateusz Starzykf442de62021-08-10 13:36:43 +0200[diff] [blame]777
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]778 TEST_EQUAL(0, mbedtls_ccm_update_ad(&ctx, add->x, add->len));
Mateusz Starzykf442de62021-08-10 13:36:43 +0200[diff] [blame]779
Tom Cosgrove05b2a872023-07-21 11:31:13 +0100[diff] [blame]780 TEST_CALLOC(output, msg->len);
Mateusz Starzykf442de62021-08-10 13:36:43 +0200[diff] [blame]781 olen = 0xdeadbeef;
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]782 TEST_EQUAL(0, mbedtls_ccm_update(&ctx, msg->x, msg->len - 1, output, msg->len, &olen));
783 mbedtls_free(output);
Mateusz Starzykf442de62021-08-10 13:36:43 +0200[diff] [blame]784 output = NULL;
785
Tom Cosgrove05b2a872023-07-21 11:31:13 +0100[diff] [blame]786 TEST_CALLOC(output, 16);
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]787 TEST_EQUAL(MBEDTLS_ERR_CCM_BAD_INPUT, mbedtls_ccm_finish(&ctx, output, 16));
Mateusz Starzykf442de62021-08-10 13:36:43 +0200[diff] [blame]788
789exit:
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]790 mbedtls_free(output);
791 mbedtls_ccm_free(&ctx);
Valerio Setti10e9aa22023-12-12 11:54:20 +0100[diff] [blame]792 BLOCK_CIPHER_PSA_DONE();
Mateusz Starzykf442de62021-08-10 13:36:43 +0200[diff] [blame]793}
794/* END_CASE */
795
Mateusz Starzyk8fb17542021-08-10 13:45:19 +0200[diff] [blame]796/* Provide full plaintext/ciphertext of first update
797 * Provide unexpected plaintext/ciphertext on second update */
Mateusz Starzykf442de62021-08-10 13:36:43 +0200[diff] [blame]798/* BEGIN_CASE */
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]799void mbedtls_ccm_full_update_and_overflow(int cipher_id, int mode,
800 data_t *key, data_t *msg, data_t *iv,
801 data_t *add)
Mateusz Starzykf442de62021-08-10 13:36:43 +0200[diff] [blame]802{
803 mbedtls_ccm_context ctx;
Gilles Peskineefe30762024-10-07 11:11:32 +0200[diff] [blame^]804 mbedtls_ccm_init(&ctx);
Mateusz Starzykf442de62021-08-10 13:36:43 +0200[diff] [blame]805 uint8_t *output = NULL;
806 size_t olen;
807
Valerio Setti10e9aa22023-12-12 11:54:20 +0100[diff] [blame]808 BLOCK_CIPHER_PSA_INIT();
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]809 TEST_EQUAL(mbedtls_ccm_setkey(&ctx, cipher_id, key->x, key->len * 8), 0);
810 TEST_EQUAL(0, mbedtls_ccm_starts(&ctx, mode, iv->x, iv->len));
Mateusz Starzykf442de62021-08-10 13:36:43 +0200[diff] [blame]811 // use hardcoded value for tag length. It is a not a part of this test
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]812 TEST_EQUAL(0, mbedtls_ccm_set_lengths(&ctx, add->len, msg->len, 16));
Mateusz Starzykf442de62021-08-10 13:36:43 +0200[diff] [blame]813
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]814 TEST_EQUAL(0, mbedtls_ccm_update_ad(&ctx, add->x, add->len));
Mateusz Starzykf442de62021-08-10 13:36:43 +0200[diff] [blame]815
Tom Cosgrove05b2a872023-07-21 11:31:13 +0100[diff] [blame]816 TEST_CALLOC(output, msg->len);
Mateusz Starzykf442de62021-08-10 13:36:43 +0200[diff] [blame]817 // pass full text
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]818 TEST_EQUAL(0, mbedtls_ccm_update(&ctx, msg->x, msg->len, output, msg->len, &olen));
Mateusz Starzykf442de62021-08-10 13:36:43 +0200[diff] [blame]819 // pass 1 extra byte
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]820 TEST_EQUAL(MBEDTLS_ERR_CCM_BAD_INPUT, \
821 mbedtls_ccm_update(&ctx, msg->x, 1, output, 1, &olen));
Mateusz Starzykf442de62021-08-10 13:36:43 +0200[diff] [blame]822exit:
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]823 mbedtls_free(output);
824 mbedtls_ccm_free(&ctx);
Valerio Setti10e9aa22023-12-12 11:54:20 +0100[diff] [blame]825 BLOCK_CIPHER_PSA_DONE();
Mateusz Starzykf442de62021-08-10 13:36:43 +0200[diff] [blame]826}
827/* END_CASE */
Mateusz Starzyke0f52272021-08-10 13:55:47 +0200[diff] [blame]828
Mateusz Starzykcd975e42021-09-02 13:25:19 +0200[diff] [blame]829/* Provide incomplete plaintext/ciphertext of first update
830 * Provide too much plaintext/ciphertext on second update */
831/* BEGIN_CASE */
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]832void mbedtls_ccm_incomplete_update_overflow(int cipher_id, int mode,
833 data_t *key, data_t *msg, data_t *iv,
834 data_t *add)
Mateusz Starzykcd975e42021-09-02 13:25:19 +0200[diff] [blame]835{
836 mbedtls_ccm_context ctx;
Gilles Peskineefe30762024-10-07 11:11:32 +0200[diff] [blame^]837 mbedtls_ccm_init(&ctx);
Mateusz Starzykcd975e42021-09-02 13:25:19 +0200[diff] [blame]838 uint8_t *output = NULL;
839 size_t olen;
Ronald Cron133740b2021-09-17 09:38:07 +0200[diff] [blame]840 uint8_t msg_second_buffer[2];
Mateusz Starzykcd975e42021-09-02 13:25:19 +0200[diff] [blame]841
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]842 msg_second_buffer[0] = msg->x[msg->len - 1];
Ronald Cron133740b2021-09-17 09:38:07 +0200[diff] [blame]843 msg_second_buffer[1] = 0xAB; // some magic value
Mateusz Starzykcd975e42021-09-02 13:25:19 +0200[diff] [blame]844
Valerio Setti10e9aa22023-12-12 11:54:20 +0100[diff] [blame]845 BLOCK_CIPHER_PSA_INIT();
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]846 TEST_EQUAL(mbedtls_ccm_setkey(&ctx, cipher_id, key->x, key->len * 8), 0);
847 TEST_EQUAL(0, mbedtls_ccm_starts(&ctx, mode, iv->x, iv->len));
Mateusz Starzykcd975e42021-09-02 13:25:19 +0200[diff] [blame]848 // use hardcoded value for tag length. It is a not a part of this test
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]849 TEST_EQUAL(0, mbedtls_ccm_set_lengths(&ctx, add->len, msg->len, 16));
Mateusz Starzykcd975e42021-09-02 13:25:19 +0200[diff] [blame]850
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]851 TEST_EQUAL(0, mbedtls_ccm_update_ad(&ctx, add->x, add->len));
Mateusz Starzykcd975e42021-09-02 13:25:19 +0200[diff] [blame]852
Tom Cosgrove05b2a872023-07-21 11:31:13 +0100[diff] [blame]853 TEST_CALLOC(output, msg->len + 1);
Mateusz Starzykcd975e42021-09-02 13:25:19 +0200[diff] [blame]854 // pass incomplete text
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]855 TEST_EQUAL(0, mbedtls_ccm_update(&ctx, msg->x, msg->len - 1, output, msg->len + 1, &olen));
Mateusz Starzykcd975e42021-09-02 13:25:19 +0200[diff] [blame]856 // pass 2 extra bytes (1 missing byte from previous incomplete pass, and 1 unexpected byte)
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]857 TEST_EQUAL(MBEDTLS_ERR_CCM_BAD_INPUT, \
858 mbedtls_ccm_update(&ctx, msg_second_buffer, 2, output + msg->len - 1, 2, &olen));
Mateusz Starzykcd975e42021-09-02 13:25:19 +0200[diff] [blame]859exit:
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]860 mbedtls_free(output);
861 mbedtls_ccm_free(&ctx);
Valerio Setti10e9aa22023-12-12 11:54:20 +0100[diff] [blame]862 BLOCK_CIPHER_PSA_DONE();
Mateusz Starzykcd975e42021-09-02 13:25:19 +0200[diff] [blame]863}
864/* END_CASE */
865
Mateusz Starzyke0f52272021-08-10 13:55:47 +0200[diff] [blame]866/* Finish without passing any auth data or plaintext/ciphertext input */
867/* BEGIN_CASE */
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]868void mbedtls_ccm_instant_finish(int cipher_id, int mode,
869 data_t *key, data_t *iv)
Mateusz Starzyke0f52272021-08-10 13:55:47 +0200[diff] [blame]870{
871 mbedtls_ccm_context ctx;
Gilles Peskineefe30762024-10-07 11:11:32 +0200[diff] [blame^]872 mbedtls_ccm_init(&ctx);
Mateusz Starzyke0f52272021-08-10 13:55:47 +0200[diff] [blame]873 uint8_t *output = NULL;
874
Valerio Setti10e9aa22023-12-12 11:54:20 +0100[diff] [blame]875 BLOCK_CIPHER_PSA_INIT();
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]876 TEST_EQUAL(mbedtls_ccm_setkey(&ctx, cipher_id, key->x, key->len * 8), 0);
877 TEST_EQUAL(0, mbedtls_ccm_starts(&ctx, mode, iv->x, iv->len));
Mateusz Starzyke0f52272021-08-10 13:55:47 +0200[diff] [blame]878 // use hardcoded values for add length, msg length and tag length.
879 // They are not a part of this test
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]880 TEST_EQUAL(0, mbedtls_ccm_set_lengths(&ctx, 16, 16, 16));
Mateusz Starzyke0f52272021-08-10 13:55:47 +0200[diff] [blame]881
Tom Cosgrove05b2a872023-07-21 11:31:13 +0100[diff] [blame]882 TEST_CALLOC(output, 16);
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]883 TEST_EQUAL(MBEDTLS_ERR_CCM_BAD_INPUT, mbedtls_ccm_finish(&ctx, output, 16));
Mateusz Starzyke0f52272021-08-10 13:55:47 +0200[diff] [blame]884
885exit:
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]886 mbedtls_free(output);
887 mbedtls_ccm_free(&ctx);
Valerio Setti10e9aa22023-12-12 11:54:20 +0100[diff] [blame]888 BLOCK_CIPHER_PSA_DONE();
Mateusz Starzyke0f52272021-08-10 13:55:47 +0200[diff] [blame]889}
890/* END_CASE */