mbedtls/tests/suites/test_suite_ccm.function

685 lines
23 KiB
Text
Raw Normal View History

2014-05-02 15:17:29 +02:00
/* BEGIN_HEADER */
2015-03-09 18:05:11 +01:00
#include "mbedtls/ccm.h"
/* Use the multipart interface to process the encrypted data in two parts
* and check that the output matches the expected output.
* The context must have been set up with the key. */
static int check_multipart( mbedtls_ccm_context *ctx,
int mode,
const data_t *iv,
const data_t *add,
const data_t *input,
const data_t *expected_output,
const data_t *tag,
size_t n1,
size_t n1_add)
{
int ok = 0;
uint8_t *output = NULL;
size_t n2 = input->len - n1;
size_t n2_add = add->len - n1_add;
size_t olen;
/* Sanity checks on the test data */
TEST_ASSERT( n1 <= input->len );
TEST_ASSERT( n1_add <= add->len );
TEST_EQUAL( input->len, expected_output->len );
TEST_EQUAL( 0, mbedtls_ccm_starts( ctx, mode, iv->x, iv->len ) );
TEST_EQUAL( 0, mbedtls_ccm_set_lengths( ctx, add->len, input->len, tag->len ) );
TEST_EQUAL( 0, mbedtls_ccm_update_ad( ctx, add->x, n1_add) );
TEST_EQUAL( 0, mbedtls_ccm_update_ad( ctx, add->x + n1_add, n2_add ) );
/* Allocate a tight buffer for each update call. This way, if the function
* tries to write beyond the advertised required buffer size, this will
* count as an overflow for memory sanitizers and static checkers. */
ASSERT_ALLOC( output, n1 );
olen = 0xdeadbeef;
TEST_EQUAL( 0, mbedtls_ccm_update( ctx, input->x, n1, output, n1, &olen ) );
TEST_EQUAL( n1, olen );
ASSERT_COMPARE( output, olen, expected_output->x, n1 );
mbedtls_free( output );
output = NULL;
ASSERT_ALLOC( output, n2 );
olen = 0xdeadbeef;
TEST_EQUAL( 0, mbedtls_ccm_update( ctx, input->x + n1, n2, output, n2, &olen ) );
TEST_EQUAL( n2, olen );
ASSERT_COMPARE( output, olen, expected_output->x + n1, n2 );
mbedtls_free( output );
output = NULL;
ASSERT_ALLOC( output, tag->len );
TEST_EQUAL( 0, mbedtls_ccm_finish( ctx, output, tag->len ) );
ASSERT_COMPARE( output, tag->len, tag->x, tag->len );
mbedtls_free( output );
output = NULL;
ok = 1;
exit:
mbedtls_free( output );
return( ok );
}
2014-05-02 15:17:29 +02:00
/* END_HEADER */
/* BEGIN_DEPENDENCIES
* depends_on:MBEDTLS_CCM_C
2014-05-02 15:17:29 +02:00
* END_DEPENDENCIES
*/
/* BEGIN_CASE depends_on:MBEDTLS_SELF_TEST:MBEDTLS_AES_C */
2017-05-30 15:23:15 +02:00
void mbedtls_ccm_self_test( )
2014-05-02 15:17:29 +02:00
{
TEST_ASSERT( mbedtls_ccm_self_test( 1 ) == 0 );
2014-05-02 15:17:29 +02:00
}
/* END_CASE */
2014-05-06 12:12:45 +02:00
/* BEGIN_CASE */
2015-04-28 18:02:54 +02:00
void mbedtls_ccm_setkey( int cipher_id, int key_size, int result )
2014-05-06 12:12:45 +02:00
{
mbedtls_ccm_context ctx;
2014-05-06 12:12:45 +02:00
unsigned char key[32];
int ret;
2015-04-28 18:02:54 +02:00
mbedtls_ccm_init( &ctx );
2014-05-06 12:12:45 +02:00
memset( key, 0x2A, sizeof( key ) );
TEST_ASSERT( (unsigned) key_size <= 8 * sizeof( key ) );
2015-04-28 18:02:54 +02:00
ret = mbedtls_ccm_setkey( &ctx, cipher_id, key, key_size );
2014-05-06 12:12:45 +02:00
TEST_ASSERT( ret == result );
exit:
mbedtls_ccm_free( &ctx );
2014-05-06 12:12:45 +02:00
}
/* END_CASE */
2014-05-06 12:13:09 +02:00
/* BEGIN_CASE depends_on:MBEDTLS_AES_C */
2014-05-06 18:07:24 +02:00
void ccm_lengths( int msg_len, int iv_len, int add_len, int tag_len, int res )
{
mbedtls_ccm_context ctx;
2014-05-06 18:07:24 +02:00
unsigned char key[16];
unsigned char msg[10];
unsigned char iv[14];
unsigned char *add = NULL;
2014-05-06 18:07:24 +02:00
unsigned char out[10];
unsigned char tag[18];
int decrypt_ret;
2015-04-28 18:02:54 +02:00
mbedtls_ccm_init( &ctx );
ASSERT_ALLOC_WEAK( add, add_len );
2014-05-06 18:07:24 +02:00
memset( key, 0, sizeof( key ) );
memset( msg, 0, sizeof( msg ) );
memset( iv, 0, sizeof( iv ) );
memset( out, 0, sizeof( out ) );
memset( tag, 0, sizeof( tag ) );
2015-04-28 18:02:54 +02:00
TEST_ASSERT( mbedtls_ccm_setkey( &ctx, MBEDTLS_CIPHER_ID_AES,
2014-05-06 18:07:24 +02:00
key, 8 * sizeof( key ) ) == 0 );
TEST_ASSERT( mbedtls_ccm_encrypt_and_tag( &ctx, msg_len, iv, iv_len, add, add_len,
2014-05-06 18:07:24 +02:00
msg, out, tag, tag_len ) == res );
decrypt_ret = mbedtls_ccm_auth_decrypt( &ctx, msg_len, iv, iv_len, add, add_len,
2014-05-06 18:07:24 +02:00
msg, out, tag, tag_len );
if( res == 0 )
TEST_ASSERT( decrypt_ret == MBEDTLS_ERR_CCM_AUTH_FAILED );
2014-05-06 18:07:24 +02:00
else
TEST_ASSERT( decrypt_ret == res );
exit:
mbedtls_free( add );
mbedtls_ccm_free( &ctx );
2014-05-06 18:07:24 +02:00
}
/* END_CASE */
2018-05-14 15:32:41 +02:00
/* BEGIN_CASE depends_on:MBEDTLS_AES_C */
void ccm_star_lengths( int msg_len, int iv_len, int add_len, int tag_len,
int res )
{
mbedtls_ccm_context ctx;
unsigned char key[16];
unsigned char msg[10];
unsigned char iv[14];
unsigned char add[10];
unsigned char out[10];
unsigned char tag[18];
int decrypt_ret;
mbedtls_ccm_init( &ctx );
memset( key, 0, sizeof( key ) );
memset( msg, 0, sizeof( msg ) );
memset( iv, 0, sizeof( iv ) );
memset( add, 0, sizeof( add ) );
memset( out, 0, sizeof( out ) );
memset( tag, 0, sizeof( tag ) );
TEST_ASSERT( mbedtls_ccm_setkey( &ctx, MBEDTLS_CIPHER_ID_AES,
key, 8 * sizeof( key ) ) == 0 );
TEST_ASSERT( mbedtls_ccm_star_encrypt_and_tag( &ctx, msg_len, iv, iv_len,
add, add_len, msg, out, tag, tag_len ) == res );
decrypt_ret = mbedtls_ccm_star_auth_decrypt( &ctx, msg_len, iv, iv_len, add,
add_len, msg, out, tag, tag_len );
if( res == 0 && tag_len != 0 )
TEST_ASSERT( decrypt_ret == MBEDTLS_ERR_CCM_AUTH_FAILED );
else
TEST_ASSERT( decrypt_ret == res );
exit:
mbedtls_ccm_free( &ctx );
}
/* END_CASE */
2014-05-06 12:13:09 +02:00
/* BEGIN_CASE */
void mbedtls_ccm_encrypt_and_tag( int cipher_id, data_t * key,
data_t * msg, data_t * iv,
data_t * add, data_t * result )
2014-05-06 12:13:09 +02:00
{
mbedtls_ccm_context ctx;
size_t n1, n1_add;
uint8_t* io_msg_buf = NULL;
uint8_t* tag_buf = NULL;
const size_t expected_tag_len = result->len - msg->len;
const uint8_t* expected_tag = result->x + msg->len;
2015-04-28 18:02:54 +02:00
/* Prepare input/output message buffer */
ASSERT_ALLOC( io_msg_buf, msg->len );
if( msg->len != 0 )
memcpy( io_msg_buf, msg->x, msg->len );
2017-05-30 15:23:15 +02:00
/* Prepare tag buffer */
ASSERT_ALLOC( tag_buf, expected_tag_len );
2014-05-06 12:13:09 +02:00
mbedtls_ccm_init( &ctx );
TEST_EQUAL( mbedtls_ccm_setkey( &ctx, cipher_id, key->x, key->len * 8 ), 0 );
2014-05-07 14:43:46 +02:00
/* Test with input == output */
TEST_EQUAL( mbedtls_ccm_encrypt_and_tag( &ctx, msg->len, iv->x, iv->len, add->x, add->len,
io_msg_buf, io_msg_buf, tag_buf, expected_tag_len ), 0);
2014-05-06 12:13:09 +02:00
ASSERT_COMPARE( io_msg_buf, msg->len, result->x, msg->len );
ASSERT_COMPARE( tag_buf, expected_tag_len, expected_tag, expected_tag_len );
2014-05-06 12:13:09 +02:00
/* Prepare data_t structures for multipart testing */
const data_t encrypted_expected = { .x = result->x,
.len = msg->len };
const data_t tag_expected = { .x = (uint8_t*) expected_tag, /* cast to conform with data_t x type */
.len = expected_tag_len };
for( n1 = 0; n1 <= msg->len; n1 += 1 )
{
for( n1_add = 0; n1_add <= add->len; n1_add += 1 )
{
mbedtls_test_set_step( n1 * 10000 + n1_add );
if( !check_multipart( &ctx, MBEDTLS_CCM_ENCRYPT,
iv, add, msg,
&encrypted_expected,
&tag_expected,
n1, n1_add ) )
goto exit;
}
}
exit:
mbedtls_ccm_free( &ctx );
mbedtls_free( io_msg_buf );
mbedtls_free( tag_buf );
2014-05-06 12:13:09 +02:00
}
/* END_CASE */
2014-05-06 18:06:52 +02:00
/* BEGIN_CASE */
void mbedtls_ccm_auth_decrypt( int cipher_id, data_t * key,
data_t * msg, data_t * iv,
data_t * add, int expected_tag_len, int result,
data_t * expected_msg )
2014-05-06 18:06:52 +02:00
{
mbedtls_ccm_context ctx;
size_t n1, n1_add;
2014-05-06 18:06:52 +02:00
const size_t expected_msg_len = msg->len - expected_tag_len;
const uint8_t* expected_tag = msg->x + expected_msg_len;
/* Prepare input/output message buffer */
uint8_t* io_msg_buf = NULL;
ASSERT_ALLOC( io_msg_buf, expected_msg_len );
if( expected_msg_len )
memcpy( io_msg_buf, msg->x, expected_msg_len );
2014-05-06 18:06:52 +02:00
mbedtls_ccm_init( &ctx );
TEST_EQUAL( mbedtls_ccm_setkey( &ctx, cipher_id, key->x, key->len * 8 ), 0 );
2014-05-07 14:43:46 +02:00
/* Test with input == output */
TEST_EQUAL( mbedtls_ccm_auth_decrypt( &ctx, expected_msg_len, iv->x, iv->len, add->x, add->len,
io_msg_buf, io_msg_buf, expected_tag, expected_tag_len ), result );
2014-05-06 18:06:52 +02:00
if( result == 0 )
2014-05-06 18:06:52 +02:00
{
ASSERT_COMPARE( io_msg_buf, expected_msg_len, expected_msg->x, expected_msg_len );
/* Prepare data_t structures for multipart testing */
const data_t encrypted = { .x = msg->x,
.len = expected_msg_len };
const data_t tag_expected = { .x = (uint8_t*) expected_tag,
.len = expected_tag_len };
for( n1 = 0; n1 <= expected_msg_len; n1 += 1 )
{
for( n1_add = 0; n1_add <= add->len; n1_add += 1 )
{
mbedtls_test_set_step( n1 * 10000 + n1_add );
if( !check_multipart( &ctx, MBEDTLS_CCM_DECRYPT,
iv, add, &encrypted,
expected_msg,
&tag_expected,
n1, n1_add ) )
goto exit;
}
}
2014-05-06 18:06:52 +02:00
}
else
{
size_t i;
for( i = 0; i < expected_msg_len; i++ )
TEST_EQUAL( io_msg_buf[i], 0 );
2014-05-06 18:06:52 +02:00
}
exit:
mbedtls_free(io_msg_buf);
mbedtls_ccm_free( &ctx );
2014-05-06 18:06:52 +02:00
}
/* END_CASE */
2018-05-29 15:12:26 +02:00
/* BEGIN_CASE */
void mbedtls_ccm_star_encrypt_and_tag( int cipher_id,
data_t *key, data_t *msg,
data_t *source_address, data_t *frame_counter,
int sec_level, data_t *add,
data_t *expected_result, int output_ret )
2018-05-29 15:12:26 +02:00
{
unsigned char iv[13];
mbedtls_ccm_context ctx;
size_t iv_len, expected_tag_len;
size_t n1, n1_add;
uint8_t* io_msg_buf = NULL;
uint8_t* tag_buf = NULL;
2018-05-29 15:12:26 +02:00
const uint8_t* expected_tag = expected_result->x + msg->len;
2018-05-29 15:12:26 +02:00
/* Calculate tag length */
2018-05-29 15:12:26 +02:00
if( sec_level % 4 == 0)
expected_tag_len = 0;
else
expected_tag_len = 1 << ( sec_level % 4 + 1);
/* Prepare input/output message buffer */
ASSERT_ALLOC( io_msg_buf, msg->len );
if( msg->len )
memcpy( io_msg_buf, msg->x, msg->len );
/* Prepare tag buffer */
if( expected_tag_len == 0 )
ASSERT_ALLOC( tag_buf, 16 );
2018-05-29 15:12:26 +02:00
else
ASSERT_ALLOC( tag_buf, expected_tag_len );
2018-05-29 15:12:26 +02:00
/* Calculate iv */
TEST_ASSERT( source_address->len == 8 );
TEST_ASSERT( frame_counter->len == 4 );
memcpy( iv, source_address->x, source_address->len );
memcpy( iv + source_address->len, frame_counter->x, frame_counter->len );
iv[source_address->len + frame_counter->len] = sec_level;
2018-05-29 15:12:26 +02:00
iv_len = sizeof( iv );
mbedtls_ccm_init( &ctx );
TEST_EQUAL( mbedtls_ccm_setkey( &ctx, cipher_id,
key->x, key->len * 8 ), 0 );
/* Test with input == output */
TEST_EQUAL( mbedtls_ccm_star_encrypt_and_tag( &ctx, msg->len, iv, iv_len,
add->x, add->len, io_msg_buf,
io_msg_buf, tag_buf, expected_tag_len), output_ret );
2018-05-29 15:12:26 +02:00
ASSERT_COMPARE( io_msg_buf, msg->len, expected_result->x, msg->len );
ASSERT_COMPARE( tag_buf, expected_tag_len, expected_tag, expected_tag_len );
2018-05-29 15:12:26 +02:00
if( output_ret == 0 )
{
const data_t iv_data = { .x = iv,
.len = iv_len };
const data_t encrypted_expected = { .x = expected_result->x,
.len = msg->len };
const data_t tag_expected = { .x = (uint8_t*)expected_tag,
.len = expected_tag_len };
for( n1 = 0; n1 <= msg->len; n1 += 1 )
{
for( n1_add = 0; n1_add <= add->len; n1_add += 1 )
{
mbedtls_test_set_step( n1 * 10000 + n1_add );
if( !check_multipart( &ctx, MBEDTLS_CCM_STAR_ENCRYPT,
&iv_data, add, msg,
&encrypted_expected,
&tag_expected,
n1, n1_add ) )
goto exit;
}
}
}
2018-05-29 15:12:26 +02:00
exit:
mbedtls_ccm_free( &ctx );
mbedtls_free( io_msg_buf );
mbedtls_free( tag_buf );
2018-05-29 15:12:26 +02:00
}
/* END_CASE */
/* BEGIN_CASE */
void mbedtls_ccm_star_auth_decrypt( int cipher_id,
data_t *key, data_t *msg,
data_t *source_address, data_t *frame_counter,
int sec_level, data_t *add,
data_t *expected_result, int output_ret )
2018-05-29 15:12:26 +02:00
{
unsigned char iv[13];
mbedtls_ccm_context ctx;
size_t iv_len, expected_tag_len;
size_t n1, n1_add;
2018-05-29 15:12:26 +02:00
/* Calculate tag length */
2018-05-29 15:12:26 +02:00
if( sec_level % 4 == 0)
expected_tag_len = 0;
2018-05-29 15:12:26 +02:00
else
expected_tag_len = 1 << ( sec_level % 4 + 1);
const size_t expected_msg_len = msg->len - expected_tag_len;
const uint8_t* expected_tag = msg->x + expected_msg_len;
2018-05-29 15:12:26 +02:00
/* Prepare input/output message buffer */
uint8_t* io_msg_buf = NULL;
ASSERT_ALLOC( io_msg_buf, expected_msg_len );
if( expected_msg_len )
memcpy( io_msg_buf, msg->x, expected_msg_len );
/* Calculate iv */
memset( iv, 0x00, sizeof( iv ) );
TEST_ASSERT( source_address->len == 8 );
TEST_ASSERT( frame_counter->len == 4 );
memcpy( iv, source_address->x, source_address->len );
memcpy( iv + source_address->len, frame_counter->x, frame_counter->len );
iv[source_address->len + frame_counter->len] = sec_level;
2018-05-29 15:12:26 +02:00
iv_len = sizeof( iv );
mbedtls_ccm_init( &ctx );
TEST_ASSERT( mbedtls_ccm_setkey( &ctx, cipher_id, key->x, key->len * 8 ) == 0 );
/* Test with input == output */
TEST_EQUAL( mbedtls_ccm_star_auth_decrypt( &ctx, expected_msg_len, iv, iv_len,
add->x, add->len, io_msg_buf, io_msg_buf,
expected_tag, expected_tag_len ), output_ret );
2018-05-29 15:12:26 +02:00
ASSERT_COMPARE( io_msg_buf, expected_msg_len, expected_result->x, expected_msg_len );
2018-05-29 15:12:26 +02:00
if( output_ret == 0 )
{
const data_t iv_data = { .x = iv,
.len = iv_len };
const data_t encrypted = { .x = msg->x,
.len = expected_msg_len} ;
const data_t tag_expected = { .x = (uint8_t*) expected_tag,
.len = expected_tag_len };
for( n1 = 0; n1 <= expected_msg_len; n1 += 1 )
{
for( n1_add = 0; n1_add <= add->len; n1_add += 1 )
{
mbedtls_test_set_step( n1 * 10000 + n1_add );
if( !check_multipart( &ctx, MBEDTLS_CCM_STAR_DECRYPT,
&iv_data, add, &encrypted,
expected_result,
&tag_expected,
n1, n1_add ) )
goto exit;
}
}
}
2018-05-29 15:12:26 +02:00
exit:
mbedtls_ccm_free( &ctx );
mbedtls_free( io_msg_buf );
2018-05-29 15:12:26 +02:00
}
/* END_CASE */
/* Skip auth data, provide full text */
/* BEGIN_CASE */
void mbedtls_ccm_skip_ad( int cipher_id, int mode,
data_t * key, data_t * msg, data_t * iv,
data_t * result, data_t * tag )
{
mbedtls_ccm_context ctx;
uint8_t *output = NULL;
size_t olen;
/* Sanity checks on the test data */
TEST_EQUAL( msg->len, result->len );
mbedtls_ccm_init( &ctx );
TEST_EQUAL( mbedtls_ccm_setkey( &ctx, cipher_id, key->x, key->len * 8 ), 0 );
TEST_EQUAL( 0, mbedtls_ccm_starts( &ctx, mode, iv->x, iv->len ) );
TEST_EQUAL( 0, mbedtls_ccm_set_lengths( &ctx, 0, msg->len, tag->len ) );
ASSERT_ALLOC( output, result->len );
olen = 0xdeadbeef;
TEST_EQUAL( 0, mbedtls_ccm_update( &ctx, msg->x, msg->len, output, result->len, &olen ) );
TEST_EQUAL( result->len, olen );
ASSERT_COMPARE( output, olen, result->x, result->len );
mbedtls_free( output );
output = NULL;
ASSERT_ALLOC( output, tag->len );
TEST_EQUAL( 0, mbedtls_ccm_finish( &ctx, output, tag->len ) );
ASSERT_COMPARE( output, tag->len, tag->x, tag->len );
mbedtls_free( output );
output = NULL;
exit:
mbedtls_free( output );
mbedtls_ccm_free( &ctx );
}
/* END_CASE */
/* Provide auth data, skip full text */
/* BEGIN_CASE */
void mbedtls_ccm_skip_update( int cipher_id, int mode,
data_t * key, data_t * iv, data_t* add,
data_t * tag )
{
mbedtls_ccm_context ctx;
uint8_t *output = NULL;
mbedtls_ccm_init( &ctx );
TEST_EQUAL( mbedtls_ccm_setkey( &ctx, cipher_id, key->x, key->len * 8 ), 0 );
TEST_EQUAL( 0, mbedtls_ccm_starts( &ctx, mode, iv->x, iv->len ) );
TEST_EQUAL( 0, mbedtls_ccm_set_lengths( &ctx, add->len, 0, tag->len ) );
TEST_EQUAL( 0, mbedtls_ccm_update_ad( &ctx, add->x, add->len) );
ASSERT_ALLOC( output, tag->len );
TEST_EQUAL( 0, mbedtls_ccm_finish( &ctx, output, tag->len ) );
ASSERT_COMPARE( output, tag->len, tag->x, tag->len );
mbedtls_free( output );
output = NULL;
exit:
mbedtls_free( output );
mbedtls_ccm_free( &ctx );
}
/* END_CASE */
/* Provide too much auth data */
/* BEGIN_CASE */
void mbedtls_ccm_overflow_ad( int cipher_id, int mode,
data_t * key, data_t * iv,
data_t * add )
{
mbedtls_ccm_context ctx;
mbedtls_ccm_init( &ctx );
TEST_EQUAL( mbedtls_ccm_setkey( &ctx, cipher_id, key->x, key->len * 8 ), 0 );
TEST_EQUAL( 0, mbedtls_ccm_starts( &ctx, mode, iv->x, iv->len ) );
// use hardcoded values for msg length and tag length. They are not a part of this test
// set half of auth data length to provoke an overflow
TEST_EQUAL( 0, mbedtls_ccm_set_lengths( &ctx, add->len / 2, 16, 16 ) );
TEST_EQUAL( MBEDTLS_ERR_CCM_BAD_INPUT, mbedtls_ccm_update_ad( &ctx, add->x, add->len) );
exit:
mbedtls_ccm_free( &ctx );
}
/* END_CASE */
/* Provide incomplete auth data and finish */
/* BEGIN_CASE */
void mbedtls_ccm_incomplete_ad( int cipher_id, int mode,
data_t * key, data_t * iv, data_t* add )
{
mbedtls_ccm_context ctx;
uint8_t *output = NULL;
mbedtls_ccm_init( &ctx );
TEST_EQUAL( mbedtls_ccm_setkey( &ctx, cipher_id, key->x, key->len * 8 ), 0 );
TEST_EQUAL( 0, mbedtls_ccm_starts( &ctx, mode, iv->x, iv->len ) );
// use hardcoded values for msg length and tag length. They are not a part of this test
TEST_EQUAL( 0, mbedtls_ccm_set_lengths( &ctx, add->len, 0, 16 ) );
TEST_EQUAL( 0, mbedtls_ccm_update_ad( &ctx, add->x, add->len/2) );
ASSERT_ALLOC( output, 16 );
TEST_EQUAL( MBEDTLS_ERR_CCM_BAD_SEQUENCE, mbedtls_ccm_finish( &ctx, output, 16 ) );
exit:
mbedtls_free( output );
mbedtls_ccm_free( &ctx );
}
/* END_CASE */
/* Provide complete auth data on first update_ad.
* Provide unexpected auth data on second update_ad */
/* BEGIN_CASE */
void mbedtls_ccm_full_ad_and_overflow( int cipher_id, int mode,
data_t * key, data_t * iv,
data_t * add )
{
mbedtls_ccm_context ctx;
mbedtls_ccm_init( &ctx );
TEST_EQUAL( mbedtls_ccm_setkey( &ctx, cipher_id, key->x, key->len * 8 ), 0 );
TEST_EQUAL( 0, mbedtls_ccm_starts( &ctx, mode, iv->x, iv->len ) );
// use hardcoded values for msg length and tag length. They are not a part of this test
TEST_EQUAL( 0, mbedtls_ccm_set_lengths( &ctx, add->len, 16, 16 ) );
// pass full auth data
TEST_EQUAL( 0, mbedtls_ccm_update_ad( &ctx, add->x, add->len) );
// pass 1 extra byte
TEST_EQUAL( MBEDTLS_ERR_CCM_BAD_SEQUENCE, mbedtls_ccm_update_ad( &ctx, add->x, 1) );
exit:
mbedtls_ccm_free( &ctx );
}
/* END_CASE */
/* Provide too much plaintext/ciphertext */
/* BEGIN_CASE */
void mbedtls_ccm_overflow_update( int cipher_id, int mode,
data_t * key, data_t * msg, data_t * iv,
data_t * add )
{
mbedtls_ccm_context ctx;
uint8_t *output = NULL;
size_t olen;
mbedtls_ccm_init( &ctx );
TEST_EQUAL( mbedtls_ccm_setkey( &ctx, cipher_id, key->x, key->len * 8 ), 0 );
TEST_EQUAL( 0, mbedtls_ccm_starts( &ctx, mode, iv->x, iv->len ) );
// use hardcoded value for tag length. It is a not a part of this test
// set half of msg length to provoke an overflow
TEST_EQUAL( 0, mbedtls_ccm_set_lengths( &ctx, add->len, msg->len / 2, 16 ) );
TEST_EQUAL( 0, mbedtls_ccm_update_ad( &ctx, add->x, add->len) );
ASSERT_ALLOC( output, msg->len );
TEST_EQUAL( MBEDTLS_ERR_CCM_BAD_INPUT, \
mbedtls_ccm_update( &ctx, msg->x, msg->len, output, msg->len, &olen ) );
exit:
mbedtls_free( output );
mbedtls_ccm_free( &ctx );
}
/* END_CASE */
/* Provide incomplete plaintext/ciphertext and finish */
/* BEGIN_CASE */
void mbedtls_ccm_incomplete_update( int cipher_id, int mode,
data_t * key, data_t * msg, data_t * iv,
data_t * add )
{
mbedtls_ccm_context ctx;
uint8_t *output = NULL;
size_t olen;
mbedtls_ccm_init( &ctx );
TEST_EQUAL( mbedtls_ccm_setkey( &ctx, cipher_id, key->x, key->len * 8 ), 0 );
TEST_EQUAL( 0, mbedtls_ccm_starts( &ctx, mode, iv->x, iv->len ) );
// use hardcoded value for tag length. It is not a part of this test
TEST_EQUAL( 0, mbedtls_ccm_set_lengths( &ctx, add->len, msg->len, 16 ) );
TEST_EQUAL( 0, mbedtls_ccm_update_ad( &ctx, add->x, add->len) );
ASSERT_ALLOC( output, msg->len );
olen = 0xdeadbeef;
TEST_EQUAL( 0, mbedtls_ccm_update( &ctx, msg->x, msg->len/2, output, msg->len, &olen ) );
mbedtls_free( output );
output = NULL;
ASSERT_ALLOC( output, 16 );
TEST_EQUAL( MBEDTLS_ERR_CCM_BAD_SEQUENCE, mbedtls_ccm_finish( &ctx, output, 16 ) );
exit:
mbedtls_free( output );
mbedtls_ccm_free( &ctx );
}
/* END_CASE */
/* Provide full plaintext/ciphertext of first update
* Provide unexpected plaintext/ciphertext on second update */
/* BEGIN_CASE */
void mbedtls_ccm_full_update_and_overflow( int cipher_id, int mode,
data_t * key, data_t * msg, data_t * iv,
data_t * add )
{
mbedtls_ccm_context ctx;
uint8_t *output = NULL;
size_t olen;
mbedtls_ccm_init( &ctx );
TEST_EQUAL( mbedtls_ccm_setkey( &ctx, cipher_id, key->x, key->len * 8 ), 0 );
TEST_EQUAL( 0, mbedtls_ccm_starts( &ctx, mode, iv->x, iv->len ) );
// use hardcoded value for tag length. It is a not a part of this test
TEST_EQUAL( 0, mbedtls_ccm_set_lengths( &ctx, add->len, msg->len, 16 ) );
TEST_EQUAL( 0, mbedtls_ccm_update_ad( &ctx, add->x, add->len) );
ASSERT_ALLOC( output, msg->len );
// pass full text
TEST_EQUAL( 0, mbedtls_ccm_update( &ctx, msg->x, msg->len, output, msg->len, &olen ) );
// pass 1 extra byte
TEST_EQUAL( MBEDTLS_ERR_CCM_BAD_INPUT, \
mbedtls_ccm_update( &ctx, msg->x, 1, output, 1, &olen ) );
exit:
mbedtls_free( output );
mbedtls_ccm_free( &ctx );
}
/* END_CASE */