commit 2da5328406529ebd057bcbae99c74745cffcdeb6
author Gilles Peskine <Gilles.Peskine@arm.com> Sun Jul 27 18:44:21 2025 +0200
committer Gilles Peskine <Gilles.Peskine@arm.com> Fri Aug 08 15:14:47 2025 +0200
tree eca09245c3a374a0142211d8f9420c4f7cd9fe53
parent df00d458a2a2266b3ac9ab4ced85028cf59d68ae

Constant-flow tests for mbedtls_cipher_crypt

Add some basic constant-flow tests for `mbedtls_cipher_crypt()`. We already
test auxiliary functions and functional behavior pretty thoroughly
elsewhere, so here just focus on the interesting cases for constant-flow
behavior with this specific function: encrypt, valid decrypt and
invalid-padding decrypt.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>

tests/suites/test_suite_cipher.function

diff --git a/tests/suites/test_suite_cipher.function b/tests/suites/test_suite_cipher.function
index 37a77e5..8ae2234 100644
--- a/tests/suites/test_suite_cipher.function
+++ b/tests/suites/test_suite_cipher.function
@@ -1229,6 +1229,60 @@
 /* END_CASE */
 
 /* BEGIN_CASE depends_on:MBEDTLS_CIPHER_MODE_WITH_PADDING */
+void test_vec_crypt_cf(int cipher_id, int pad_mode, int operation, data_t *key,
+                       data_t *iv, data_t *input, data_t *result,
+                       int expected_finish_result, int use_psa)
+{
+    mbedtls_cipher_context_t ctx;
+    unsigned char output[32];
+    size_t outlen;
+
+    mbedtls_cipher_init(&ctx);
+
+    memset(output, 0x00, sizeof(output));
+
+    TEST_CF_SECRET(key->x, key->len);
+    TEST_CF_SECRET(input->x, input->len);
+
+    /* Prepare context */
+#if !defined(MBEDTLS_USE_PSA_CRYPTO) || !defined(MBEDTLS_TEST_DEPRECATED)
+    (void) use_psa;
+#else
+    if (use_psa == 1) {
+        PSA_ASSERT(psa_crypto_init());
+        TEST_ASSERT(0 == mbedtls_cipher_setup_psa(&ctx,
+                                                  mbedtls_cipher_info_from_type(cipher_id), 0));
+    } else
+#endif /* !MBEDTLS_USE_PSA_CRYPTO || !MBEDTLS_TEST_DEPRECATED*/
+    TEST_ASSERT(0 == mbedtls_cipher_setup(&ctx,
+                                          mbedtls_cipher_info_from_type(cipher_id)));
+
+    TEST_ASSERT(0 == mbedtls_cipher_setkey(&ctx, key->x, 8 * key->len, operation));
+    if (MBEDTLS_MODE_CBC == ctx.cipher_info->mode) {
+        TEST_ASSERT(0 == mbedtls_cipher_set_padding_mode(&ctx, pad_mode));
+    }
+
+    int actual_finish_result =
+        mbedtls_cipher_crypt(&ctx, iv->len ? iv->x : NULL, iv->len,
+                             input->x, input->len,
+                             output, &outlen);
+    TEST_EQUAL(expected_finish_result, actual_finish_result);
+
+    /* check plaintext only if everything went fine */
+    if (0 == expected_finish_result) {
+        TEST_CF_PUBLIC(output, sizeof(output));
+        TEST_MEMORY_COMPARE(output, outlen, result->x, result->len);
+    }
+
+exit:
+    mbedtls_cipher_free(&ctx);
+#if defined(MBEDTLS_USE_PSA_CRYPTO) && defined(MBEDTLS_TEST_DEPRECATED)
+    PSA_DONE();
+#endif /* MBEDTLS_USE_PSA_CRYPTO && MBEDTLS_TEST_DEPRECATED */
+}
+/* END_CASE */
+
+/* BEGIN_CASE depends_on:MBEDTLS_CIPHER_MODE_WITH_PADDING */
 void set_padding(int cipher_id, int pad_mode, int ret)
 {
     const mbedtls_cipher_info_t *cipher_info;