From a3237efefbc7b567b2261e9894205ff7153891fa Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Mon, 18 Sep 2023 14:23:13 +0200 Subject: [PATCH] Move testing of mbedtls_ssl_decrypt_buf to a new test suite test_suite_ssl is huge and needs splitting. Create a new test suite focused on mbedtls_ssl_decrypt_buf(), which is a complicated function that needs more thorough testing with malformed inputs. At this point, we are only doing negative testing with CBC-non-ETM test suites. This needs to grow. Signed-off-by: Gilles Peskine --- tests/suites/test_suite_ssl.data | 384 ------------------ tests/suites/test_suite_ssl.function | 229 ----------- tests/suites/test_suite_ssl_decrypt.function | 243 +++++++++++ tests/suites/test_suite_ssl_decrypt.misc.data | 383 +++++++++++++++++ 4 files changed, 626 insertions(+), 613 deletions(-) create mode 100644 tests/suites/test_suite_ssl_decrypt.function create mode 100644 tests/suites/test_suite_ssl_decrypt.misc.data diff --git a/tests/suites/test_suite_ssl.data b/tests/suites/test_suite_ssl.data index 361c1606a..af12f8959 100644 --- a/tests/suites/test_suite_ssl.data +++ b/tests/suites/test_suite_ssl.data @@ -2681,390 +2681,6 @@ Record crypt, little space, NULL cipher, 1.2, MD5, EtM depends_on:MBEDTLS_CIPHER_NULL_CIPHER:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD_CAN_MD5:MBEDTLS_SSL_ENCRYPT_THEN_MAC ssl_crypt_record_small:MBEDTLS_CIPHER_NULL:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_VERSION_TLS1_2:0:0 -Decrypt CBC !EtM, AES MD5 !trunc, empty plaintext, minpad -depends_on:MBEDTLS_AES_C:MBEDTLS_MD_CAN_MD5 -ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_MD5:0:-1 - -Decrypt CBC !EtM, AES MD5 !trunc, empty plaintext, maxpad -depends_on:MBEDTLS_AES_C:MBEDTLS_MD_CAN_MD5 -ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_MD5:0:-2 - -Decrypt CBC !EtM, AES MD5 !trunc, padlen=0 -depends_on:MBEDTLS_AES_C:MBEDTLS_MD_CAN_MD5 -ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_MD5:0:0 - -Decrypt CBC !EtM, AES MD5 !trunc, padlen=240 -depends_on:MBEDTLS_AES_C:MBEDTLS_MD_CAN_MD5 -ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_MD5:0:240 - -Decrypt CBC !EtM, AES MD5 !trunc, padlen=1 -depends_on:MBEDTLS_AES_C:MBEDTLS_MD_CAN_MD5 -ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_MD5:0:1 - -Decrypt CBC !EtM, AES MD5 !trunc, padlen=241 -depends_on:MBEDTLS_AES_C:MBEDTLS_MD_CAN_MD5 -ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_MD5:0:241 - -Decrypt CBC !EtM, AES MD5 !trunc, padlen=15 -depends_on:MBEDTLS_AES_C:MBEDTLS_MD_CAN_MD5 -ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_MD5:0:15 - -Decrypt CBC !EtM, AES MD5 !trunc, padlen=255 -depends_on:MBEDTLS_AES_C:MBEDTLS_MD_CAN_MD5 -ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_MD5:0:255 - -Decrypt CBC !EtM, AES SHA1 !trunc, empty plaintext, minpad -depends_on:MBEDTLS_AES_C:MBEDTLS_MD_CAN_SHA1 -ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA1:0:-1 - -Decrypt CBC !EtM, AES SHA1 !trunc, empty plaintext, maxpad -depends_on:MBEDTLS_AES_C:MBEDTLS_MD_CAN_SHA1 -ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA1:0:-2 - -Decrypt CBC !EtM, AES SHA1 !trunc, padlen=0 -depends_on:MBEDTLS_AES_C:MBEDTLS_MD_CAN_SHA1 -ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA1:0:0 - -Decrypt CBC !EtM, AES SHA1 !trunc, padlen=240 -depends_on:MBEDTLS_AES_C:MBEDTLS_MD_CAN_SHA1 -ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA1:0:240 - -Decrypt CBC !EtM, AES SHA1 !trunc, padlen=1 -depends_on:MBEDTLS_AES_C:MBEDTLS_MD_CAN_SHA1 -ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA1:0:1 - -Decrypt CBC !EtM, AES SHA1 !trunc, padlen=241 -depends_on:MBEDTLS_AES_C:MBEDTLS_MD_CAN_SHA1 -ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA1:0:241 - -Decrypt CBC !EtM, AES SHA1 !trunc, padlen=15 -depends_on:MBEDTLS_AES_C:MBEDTLS_MD_CAN_SHA1 -ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA1:0:15 - -Decrypt CBC !EtM, AES SHA1 !trunc, padlen=255 -depends_on:MBEDTLS_AES_C:MBEDTLS_MD_CAN_SHA1 -ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA1:0:255 - -Decrypt CBC !EtM, AES SHA256 !trunc, empty plaintext, minpad -depends_on:MBEDTLS_AES_C:MBEDTLS_MD_CAN_SHA256 -ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA256:0:-1 - -Decrypt CBC !EtM, AES SHA256 !trunc, empty plaintext, maxpad -depends_on:MBEDTLS_AES_C:MBEDTLS_MD_CAN_SHA256 -ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA256:0:-2 - -Decrypt CBC !EtM, AES SHA256 !trunc, padlen=0 -depends_on:MBEDTLS_AES_C:MBEDTLS_MD_CAN_SHA256 -ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA256:0:0 - -Decrypt CBC !EtM, AES SHA256 !trunc, padlen=240 -depends_on:MBEDTLS_AES_C:MBEDTLS_MD_CAN_SHA256 -ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA256:0:240 - -Decrypt CBC !EtM, AES SHA256 !trunc, padlen=1 -depends_on:MBEDTLS_AES_C:MBEDTLS_MD_CAN_SHA256 -ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA256:0:1 - -Decrypt CBC !EtM, AES SHA256 !trunc, padlen=241 -depends_on:MBEDTLS_AES_C:MBEDTLS_MD_CAN_SHA256 -ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA256:0:241 - -Decrypt CBC !EtM, AES SHA256 !trunc, padlen=15 -depends_on:MBEDTLS_AES_C:MBEDTLS_MD_CAN_SHA256 -ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA256:0:15 - -Decrypt CBC !EtM, AES SHA256 !trunc, padlen=255 -depends_on:MBEDTLS_AES_C:MBEDTLS_MD_CAN_SHA256 -ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA256:0:255 - -Decrypt CBC !EtM, AES SHA384 !trunc, empty plaintext, minpad -depends_on:MBEDTLS_AES_C:MBEDTLS_MD_CAN_SHA384 -ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA384:0:-1 - -Decrypt CBC !EtM, AES SHA384 !trunc, empty plaintext, maxpad -depends_on:MBEDTLS_AES_C:MBEDTLS_MD_CAN_SHA384 -ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA384:0:-2 - -Decrypt CBC !EtM, AES SHA384 !trunc, padlen=0 -depends_on:MBEDTLS_AES_C:MBEDTLS_MD_CAN_SHA384 -ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA384:0:0 - -Decrypt CBC !EtM, AES SHA384 !trunc, padlen=240 -depends_on:MBEDTLS_AES_C:MBEDTLS_MD_CAN_SHA384 -ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA384:0:240 - -Decrypt CBC !EtM, AES SHA384 !trunc, padlen=1 -depends_on:MBEDTLS_AES_C:MBEDTLS_MD_CAN_SHA384 -ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA384:0:1 - -Decrypt CBC !EtM, AES SHA384 !trunc, padlen=241 -depends_on:MBEDTLS_AES_C:MBEDTLS_MD_CAN_SHA384 -ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA384:0:241 - -Decrypt CBC !EtM, AES SHA384 !trunc, padlen=15 -depends_on:MBEDTLS_AES_C:MBEDTLS_MD_CAN_SHA384 -ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA384:0:15 - -Decrypt CBC !EtM, AES SHA384 !trunc, padlen=255 -depends_on:MBEDTLS_AES_C:MBEDTLS_MD_CAN_SHA384 -ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA384:0:255 - -Decrypt CBC !EtM, ARIA MD5 !trunc, empty plaintext, minpad -depends_on:MBEDTLS_ARIA_C:MBEDTLS_MD_CAN_MD5 -ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_MD5:0:-1 - -Decrypt CBC !EtM, ARIA MD5 !trunc, empty plaintext, maxpad -depends_on:MBEDTLS_ARIA_C:MBEDTLS_MD_CAN_MD5 -ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_MD5:0:-2 - -Decrypt CBC !EtM, ARIA MD5 !trunc, padlen=0 -depends_on:MBEDTLS_ARIA_C:MBEDTLS_MD_CAN_MD5 -ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_MD5:0:0 - -Decrypt CBC !EtM, ARIA MD5 !trunc, padlen=240 -depends_on:MBEDTLS_ARIA_C:MBEDTLS_MD_CAN_MD5 -ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_MD5:0:240 - -Decrypt CBC !EtM, ARIA MD5 !trunc, padlen=1 -depends_on:MBEDTLS_ARIA_C:MBEDTLS_MD_CAN_MD5 -ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_MD5:0:1 - -Decrypt CBC !EtM, ARIA MD5 !trunc, padlen=241 -depends_on:MBEDTLS_ARIA_C:MBEDTLS_MD_CAN_MD5 -ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_MD5:0:241 - -Decrypt CBC !EtM, ARIA MD5 !trunc, padlen=15 -depends_on:MBEDTLS_ARIA_C:MBEDTLS_MD_CAN_MD5 -ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_MD5:0:15 - -Decrypt CBC !EtM, ARIA MD5 !trunc, padlen=255 -depends_on:MBEDTLS_ARIA_C:MBEDTLS_MD_CAN_MD5 -ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_MD5:0:255 - -Decrypt CBC !EtM, ARIA SHA1 !trunc, empty plaintext, minpad -depends_on:MBEDTLS_ARIA_C:MBEDTLS_MD_CAN_SHA1 -ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA1:0:-1 - -Decrypt CBC !EtM, ARIA SHA1 !trunc, empty plaintext, maxpad -depends_on:MBEDTLS_ARIA_C:MBEDTLS_MD_CAN_SHA1 -ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA1:0:-2 - -Decrypt CBC !EtM, ARIA SHA1 !trunc, padlen=0 -depends_on:MBEDTLS_ARIA_C:MBEDTLS_MD_CAN_SHA1 -ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA1:0:0 - -Decrypt CBC !EtM, ARIA SHA1 !trunc, padlen=240 -depends_on:MBEDTLS_ARIA_C:MBEDTLS_MD_CAN_SHA1 -ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA1:0:240 - -Decrypt CBC !EtM, ARIA SHA1 !trunc, padlen=1 -depends_on:MBEDTLS_ARIA_C:MBEDTLS_MD_CAN_SHA1 -ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA1:0:1 - -Decrypt CBC !EtM, ARIA SHA1 !trunc, padlen=241 -depends_on:MBEDTLS_ARIA_C:MBEDTLS_MD_CAN_SHA1 -ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA1:0:241 - -Decrypt CBC !EtM, ARIA SHA1 !trunc, padlen=15 -depends_on:MBEDTLS_ARIA_C:MBEDTLS_MD_CAN_SHA1 -ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA1:0:15 - -Decrypt CBC !EtM, ARIA SHA1 !trunc, padlen=255 -depends_on:MBEDTLS_ARIA_C:MBEDTLS_MD_CAN_SHA1 -ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA1:0:255 - -Decrypt CBC !EtM, ARIA SHA256 !trunc, empty plaintext, minpad -depends_on:MBEDTLS_ARIA_C:MBEDTLS_MD_CAN_SHA256 -ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA256:0:-1 - -Decrypt CBC !EtM, ARIA SHA256 !trunc, empty plaintext, maxpad -depends_on:MBEDTLS_ARIA_C:MBEDTLS_MD_CAN_SHA256 -ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA256:0:-2 - -Decrypt CBC !EtM, ARIA SHA256 !trunc, padlen=0 -depends_on:MBEDTLS_ARIA_C:MBEDTLS_MD_CAN_SHA256 -ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA256:0:0 - -Decrypt CBC !EtM, ARIA SHA256 !trunc, padlen=240 -depends_on:MBEDTLS_ARIA_C:MBEDTLS_MD_CAN_SHA256 -ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA256:0:240 - -Decrypt CBC !EtM, ARIA SHA256 !trunc, padlen=1 -depends_on:MBEDTLS_ARIA_C:MBEDTLS_MD_CAN_SHA256 -ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA256:0:1 - -Decrypt CBC !EtM, ARIA SHA256 !trunc, padlen=241 -depends_on:MBEDTLS_ARIA_C:MBEDTLS_MD_CAN_SHA256 -ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA256:0:241 - -Decrypt CBC !EtM, ARIA SHA256 !trunc, padlen=15 -depends_on:MBEDTLS_ARIA_C:MBEDTLS_MD_CAN_SHA256 -ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA256:0:15 - -Decrypt CBC !EtM, ARIA SHA256 !trunc, padlen=255 -depends_on:MBEDTLS_ARIA_C:MBEDTLS_MD_CAN_SHA256 -ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA256:0:255 - -Decrypt CBC !EtM, ARIA SHA384 !trunc, empty plaintext, minpad -depends_on:MBEDTLS_ARIA_C:MBEDTLS_MD_CAN_SHA384 -ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA384:0:-1 - -Decrypt CBC !EtM, ARIA SHA384 !trunc, empty plaintext, maxpad -depends_on:MBEDTLS_ARIA_C:MBEDTLS_MD_CAN_SHA384 -ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA384:0:-2 - -Decrypt CBC !EtM, ARIA SHA384 !trunc, padlen=0 -depends_on:MBEDTLS_ARIA_C:MBEDTLS_MD_CAN_SHA384 -ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA384:0:0 - -Decrypt CBC !EtM, ARIA SHA384 !trunc, padlen=240 -depends_on:MBEDTLS_ARIA_C:MBEDTLS_MD_CAN_SHA384 -ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA384:0:240 - -Decrypt CBC !EtM, ARIA SHA384 !trunc, padlen=1 -depends_on:MBEDTLS_ARIA_C:MBEDTLS_MD_CAN_SHA384 -ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA384:0:1 - -Decrypt CBC !EtM, ARIA SHA384 !trunc, padlen=241 -depends_on:MBEDTLS_ARIA_C:MBEDTLS_MD_CAN_SHA384 -ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA384:0:241 - -Decrypt CBC !EtM, ARIA SHA384 !trunc, padlen=15 -depends_on:MBEDTLS_ARIA_C:MBEDTLS_MD_CAN_SHA384 -ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA384:0:15 - -Decrypt CBC !EtM, ARIA SHA384 !trunc, padlen=255 -depends_on:MBEDTLS_ARIA_C:MBEDTLS_MD_CAN_SHA384 -ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA384:0:255 - -Decrypt CBC !EtM, CAMELLIA MD5 !trunc, empty plaintext, minpad -depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_MD_CAN_MD5 -ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_MD5:0:-1 - -Decrypt CBC !EtM, CAMELLIA MD5 !trunc, empty plaintext, maxpad -depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_MD_CAN_MD5 -ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_MD5:0:-2 - -Decrypt CBC !EtM, CAMELLIA MD5 !trunc, padlen=0 -depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_MD_CAN_MD5 -ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_MD5:0:0 - -Decrypt CBC !EtM, CAMELLIA MD5 !trunc, padlen=240 -depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_MD_CAN_MD5 -ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_MD5:0:240 - -Decrypt CBC !EtM, CAMELLIA MD5 !trunc, padlen=1 -depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_MD_CAN_MD5 -ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_MD5:0:1 - -Decrypt CBC !EtM, CAMELLIA MD5 !trunc, padlen=241 -depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_MD_CAN_MD5 -ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_MD5:0:241 - -Decrypt CBC !EtM, CAMELLIA MD5 !trunc, padlen=15 -depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_MD_CAN_MD5 -ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_MD5:0:15 - -Decrypt CBC !EtM, CAMELLIA MD5 !trunc, padlen=255 -depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_MD_CAN_MD5 -ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_MD5:0:255 - -Decrypt CBC !EtM, CAMELLIA SHA1 !trunc, empty plaintext, minpad -depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_MD_CAN_SHA1 -ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA1:0:-1 - -Decrypt CBC !EtM, CAMELLIA SHA1 !trunc, empty plaintext, maxpad -depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_MD_CAN_SHA1 -ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA1:0:-2 - -Decrypt CBC !EtM, CAMELLIA SHA1 !trunc, padlen=0 -depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_MD_CAN_SHA1 -ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA1:0:0 - -Decrypt CBC !EtM, CAMELLIA SHA1 !trunc, padlen=240 -depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_MD_CAN_SHA1 -ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA1:0:240 - -Decrypt CBC !EtM, CAMELLIA SHA1 !trunc, padlen=1 -depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_MD_CAN_SHA1 -ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA1:0:1 - -Decrypt CBC !EtM, CAMELLIA SHA1 !trunc, padlen=241 -depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_MD_CAN_SHA1 -ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA1:0:241 - -Decrypt CBC !EtM, CAMELLIA SHA1 !trunc, padlen=15 -depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_MD_CAN_SHA1 -ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA1:0:15 - -Decrypt CBC !EtM, CAMELLIA SHA1 !trunc, padlen=255 -depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_MD_CAN_SHA1 -ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA1:0:255 - -Decrypt CBC !EtM, CAMELLIA SHA256 !trunc, empty plaintext, minpad -depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_MD_CAN_SHA256 -ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA256:0:-1 - -Decrypt CBC !EtM, CAMELLIA SHA256 !trunc, empty plaintext, maxpad -depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_MD_CAN_SHA256 -ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA256:0:-2 - -Decrypt CBC !EtM, CAMELLIA SHA256 !trunc, padlen=0 -depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_MD_CAN_SHA256 -ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA256:0:0 - -Decrypt CBC !EtM, CAMELLIA SHA256 !trunc, padlen=240 -depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_MD_CAN_SHA256 -ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA256:0:240 - -Decrypt CBC !EtM, CAMELLIA SHA256 !trunc, padlen=1 -depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_MD_CAN_SHA256 -ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA256:0:1 - -Decrypt CBC !EtM, CAMELLIA SHA256 !trunc, padlen=241 -depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_MD_CAN_SHA256 -ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA256:0:241 - -Decrypt CBC !EtM, CAMELLIA SHA256 !trunc, padlen=15 -depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_MD_CAN_SHA256 -ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA256:0:15 - -Decrypt CBC !EtM, CAMELLIA SHA256 !trunc, padlen=255 -depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_MD_CAN_SHA256 -ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA256:0:255 - -Decrypt CBC !EtM, CAMELLIA SHA384 !trunc, empty plaintext, minpad -depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_MD_CAN_SHA384 -ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA384:0:-1 - -Decrypt CBC !EtM, CAMELLIA SHA384 !trunc, empty plaintext, maxpad -depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_MD_CAN_SHA384 -ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA384:0:-2 - -Decrypt CBC !EtM, CAMELLIA SHA384 !trunc, padlen=0 -depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_MD_CAN_SHA384 -ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA384:0:0 - -Decrypt CBC !EtM, CAMELLIA SHA384 !trunc, padlen=240 -depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_MD_CAN_SHA384 -ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA384:0:240 - -Decrypt CBC !EtM, CAMELLIA SHA384 !trunc, padlen=1 -depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_MD_CAN_SHA384 -ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA384:0:1 - -Decrypt CBC !EtM, CAMELLIA SHA384 !trunc, padlen=241 -depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_MD_CAN_SHA384 -ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA384:0:241 - -Decrypt CBC !EtM, CAMELLIA SHA384 !trunc, padlen=15 -depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_MD_CAN_SHA384 -ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA384:0:15 - -Decrypt CBC !EtM, CAMELLIA SHA384 !trunc, padlen=255 -depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_MD_CAN_SHA384 -ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA384:0:255 - SSL TLS 1.3 Key schedule: Secret evolution #1 # Vector from TLS 1.3 Byte by Byte (https://tls13.ulfheim.net/) # Initial secret to Early Secret diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function index 915d10435..335f73437 100644 --- a/tests/suites/test_suite_ssl.function +++ b/tests/suites/test_suite_ssl.function @@ -1464,235 +1464,6 @@ exit: } /* END_CASE */ -/* BEGIN_CASE depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2 */ -void ssl_decrypt_non_etm_cbc(int cipher_type, int hash_id, int trunc_hmac, - int length_selector) -{ - /* - * Test record decryption for CBC without EtM, focused on the verification - * of padding and MAC. - * - * Actually depends on TLS 1.2 and either AES, ARIA or Camellia, but since - * the test framework doesn't support alternation in dependency statements, - * just depend on AES. - * - * The length_selector argument is interpreted as follows: - * - if it's -1, the plaintext length is 0 and minimal padding is applied - * - if it's -2, the plaintext length is 0 and maximal padding is applied - * - otherwise it must be in [0, 255] and is padding_length from RFC 5246: - * it's the length of the rest of the padding, that is, excluding the - * byte that encodes the length. The minimal non-zero plaintext length - * that gives this padding_length is automatically selected. - */ - mbedtls_ssl_context ssl; /* ONLY for debugging */ - mbedtls_ssl_transform t0, t1; - mbedtls_record rec, rec_save; - unsigned char *buf = NULL, *buf_save = NULL; - size_t buflen, olen = 0; - size_t plaintext_len, block_size, i; - unsigned char padlen; /* excluding the padding_length byte */ - unsigned char add_data[13]; -#if defined(MBEDTLS_USE_PSA_CRYPTO) - psa_mac_operation_t operation = PSA_MAC_OPERATION_INIT; - size_t sign_mac_length = 0; - unsigned char mac[PSA_HASH_MAX_SIZE]; -#else - unsigned char mac[MBEDTLS_MD_MAX_SIZE]; -#endif - int exp_ret; - int ret; - const unsigned char pad_max_len = 255; /* Per the standard */ - - mbedtls_ssl_init(&ssl); - mbedtls_ssl_transform_init(&t0); - mbedtls_ssl_transform_init(&t1); - MD_OR_USE_PSA_INIT(); - - /* Set up transforms with dummy keys */ - ret = mbedtls_test_ssl_build_transforms(&t0, &t1, cipher_type, hash_id, - 0, trunc_hmac, - MBEDTLS_SSL_VERSION_TLS1_2, - 0, 0); - - TEST_ASSERT(ret == 0); - - /* Determine padding/plaintext length */ - TEST_ASSERT(length_selector >= -2 && length_selector <= 255); - block_size = t0.ivlen; - if (length_selector < 0) { - plaintext_len = 0; - - /* Minimal padding - * The +1 is for the padding_length byte, not counted in padlen. */ - padlen = block_size - (t0.maclen + 1) % block_size; - - /* Maximal padding? */ - if (length_selector == -2) { - padlen += block_size * ((pad_max_len - padlen) / block_size); - } - } else { - padlen = length_selector; - - /* Minimal non-zero plaintext_length giving desired padding. - * The +1 is for the padding_length byte, not counted in padlen. */ - plaintext_len = block_size - (padlen + t0.maclen + 1) % block_size; - } - - /* Prepare a buffer for record data */ - buflen = block_size - + plaintext_len - + t0.maclen - + padlen + 1; - TEST_CALLOC(buf, buflen); - TEST_CALLOC(buf_save, buflen); - - /* Prepare a dummy record header */ - memset(rec.ctr, 0, sizeof(rec.ctr)); - rec.type = MBEDTLS_SSL_MSG_APPLICATION_DATA; - mbedtls_ssl_write_version(rec.ver, MBEDTLS_SSL_TRANSPORT_STREAM, - MBEDTLS_SSL_VERSION_TLS1_2); -#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) - rec.cid_len = 0; -#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */ - - /* Prepare dummy record content */ - rec.buf = buf; - rec.buf_len = buflen; - rec.data_offset = block_size; - rec.data_len = plaintext_len; - memset(rec.buf + rec.data_offset, 42, rec.data_len); - - /* Serialized version of record header for MAC purposes */ - memcpy(add_data, rec.ctr, 8); - add_data[8] = rec.type; - add_data[9] = rec.ver[0]; - add_data[10] = rec.ver[1]; - add_data[11] = (rec.data_len >> 8) & 0xff; - add_data[12] = (rec.data_len >> 0) & 0xff; - - /* Set dummy IV */ - memset(t0.iv_enc, 0x55, t0.ivlen); - memcpy(rec.buf, t0.iv_enc, t0.ivlen); - - /* - * Prepare a pre-encryption record (with MAC and padding), and save it. - */ - - /* MAC with additional data */ -#if defined(MBEDTLS_USE_PSA_CRYPTO) - TEST_EQUAL(PSA_SUCCESS, psa_mac_sign_setup(&operation, - t0.psa_mac_enc, - t0.psa_mac_alg)); - TEST_EQUAL(PSA_SUCCESS, psa_mac_update(&operation, add_data, 13)); - TEST_EQUAL(PSA_SUCCESS, psa_mac_update(&operation, - rec.buf + rec.data_offset, - rec.data_len)); - TEST_EQUAL(PSA_SUCCESS, psa_mac_sign_finish(&operation, - mac, sizeof(mac), - &sign_mac_length)); -#else - TEST_EQUAL(0, mbedtls_md_hmac_update(&t0.md_ctx_enc, add_data, 13)); - TEST_EQUAL(0, mbedtls_md_hmac_update(&t0.md_ctx_enc, - rec.buf + rec.data_offset, - rec.data_len)); - TEST_EQUAL(0, mbedtls_md_hmac_finish(&t0.md_ctx_enc, mac)); -#endif - - memcpy(rec.buf + rec.data_offset + rec.data_len, mac, t0.maclen); - rec.data_len += t0.maclen; - - /* Pad */ - memset(rec.buf + rec.data_offset + rec.data_len, padlen, padlen + 1); - rec.data_len += padlen + 1; - - /* Save correct pre-encryption record */ - rec_save = rec; - rec_save.buf = buf_save; - memcpy(buf_save, buf, buflen); - - /* - * Encrypt and decrypt the correct record, expecting success - */ - TEST_EQUAL(0, mbedtls_test_psa_cipher_encrypt_helper( - &t0, t0.iv_enc, t0.ivlen, rec.buf + rec.data_offset, - rec.data_len, rec.buf + rec.data_offset, &olen)); - rec.data_offset -= t0.ivlen; - rec.data_len += t0.ivlen; - - TEST_EQUAL(0, mbedtls_ssl_decrypt_buf(&ssl, &t1, &rec)); - - /* - * Modify each byte of the pre-encryption record before encrypting and - * decrypting it, expecting failure every time. - */ - for (i = block_size; i < buflen; i++) { - mbedtls_test_set_step(i); - - /* Restore correct pre-encryption record */ - rec = rec_save; - rec.buf = buf; - memcpy(buf, buf_save, buflen); - - /* Corrupt one byte of the data (could be plaintext, MAC or padding) */ - rec.buf[i] ^= 0x01; - - /* Encrypt */ - TEST_EQUAL(0, mbedtls_test_psa_cipher_encrypt_helper( - &t0, t0.iv_enc, t0.ivlen, rec.buf + rec.data_offset, - rec.data_len, rec.buf + rec.data_offset, &olen)); - rec.data_offset -= t0.ivlen; - rec.data_len += t0.ivlen; - - /* Decrypt and expect failure */ - TEST_EQUAL(MBEDTLS_ERR_SSL_INVALID_MAC, - mbedtls_ssl_decrypt_buf(&ssl, &t1, &rec)); - } - - /* - * Use larger values of the padding bytes - with small buffers, this tests - * the case where the announced padlen would be larger than the buffer - * (and before that, than the buffer minus the size of the MAC), to make - * sure our padding checking code does not perform any out-of-bounds reads - * in this case. (With larger buffers, ie when the plaintext is long or - * maximal length padding is used, this is less relevant but still doesn't - * hurt to test.) - * - * (Start the loop with correct padding, just to double-check that record - * saving did work, and that we're overwriting the correct bytes.) - */ - for (i = padlen; i <= pad_max_len; i++) { - mbedtls_test_set_step(i); - - /* Restore correct pre-encryption record */ - rec = rec_save; - rec.buf = buf; - memcpy(buf, buf_save, buflen); - - /* Set padding bytes to new value */ - memset(buf + buflen - padlen - 1, i, padlen + 1); - - /* Encrypt */ - TEST_EQUAL(0, mbedtls_test_psa_cipher_encrypt_helper( - &t0, t0.iv_enc, t0.ivlen, rec.buf + rec.data_offset, - rec.data_len, rec.buf + rec.data_offset, &olen)); - rec.data_offset -= t0.ivlen; - rec.data_len += t0.ivlen; - - /* Decrypt and expect failure except the first time */ - exp_ret = (i == padlen) ? 0 : MBEDTLS_ERR_SSL_INVALID_MAC; - TEST_EQUAL(exp_ret, mbedtls_ssl_decrypt_buf(&ssl, &t1, &rec)); - } - -exit: - mbedtls_ssl_free(&ssl); - mbedtls_ssl_transform_free(&t0); - mbedtls_ssl_transform_free(&t1); - mbedtls_free(buf); - mbedtls_free(buf_save); - MD_OR_USE_PSA_DONE(); -} -/* END_CASE */ - /* BEGIN_CASE depends_on:MBEDTLS_SSL_PROTO_TLS1_3 */ void ssl_tls13_hkdf_expand_label(int hash_alg, data_t *secret, diff --git a/tests/suites/test_suite_ssl_decrypt.function b/tests/suites/test_suite_ssl_decrypt.function new file mode 100644 index 000000000..84abe2f6a --- /dev/null +++ b/tests/suites/test_suite_ssl_decrypt.function @@ -0,0 +1,243 @@ +/* BEGIN_HEADER */ +/* Testing of mbedtls_ssl_decrypt_buf() specifically, focusing on negative + * testing (using malformed inputs). */ + +#include +#include +#include + +/* END_HEADER */ + +/* BEGIN_DEPENDENCIES + * depends_on:MBEDTLS_SSL_TLS_C + * END_DEPENDENCIES + */ + +/* BEGIN_CASE depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2 */ +void ssl_decrypt_non_etm_cbc(int cipher_type, int hash_id, int trunc_hmac, + int length_selector) +{ + /* + * Test record decryption for CBC without EtM, focused on the verification + * of padding and MAC. + * + * Actually depends on TLS 1.2 and either AES, ARIA or Camellia, but since + * the test framework doesn't support alternation in dependency statements, + * just depend on AES. + * + * The length_selector argument is interpreted as follows: + * - if it's -1, the plaintext length is 0 and minimal padding is applied + * - if it's -2, the plaintext length is 0 and maximal padding is applied + * - otherwise it must be in [0, 255] and is padding_length from RFC 5246: + * it's the length of the rest of the padding, that is, excluding the + * byte that encodes the length. The minimal non-zero plaintext length + * that gives this padding_length is automatically selected. + */ + mbedtls_ssl_context ssl; /* ONLY for debugging */ + mbedtls_ssl_transform t0, t1; + mbedtls_record rec, rec_save; + unsigned char *buf = NULL, *buf_save = NULL; + size_t buflen, olen = 0; + size_t plaintext_len, block_size, i; + unsigned char padlen; /* excluding the padding_length byte */ + unsigned char add_data[13]; +#if defined(MBEDTLS_USE_PSA_CRYPTO) + psa_mac_operation_t operation = PSA_MAC_OPERATION_INIT; + size_t sign_mac_length = 0; + unsigned char mac[PSA_HASH_MAX_SIZE]; +#else + unsigned char mac[MBEDTLS_MD_MAX_SIZE]; +#endif + int exp_ret; + int ret; + const unsigned char pad_max_len = 255; /* Per the standard */ + + mbedtls_ssl_init(&ssl); + mbedtls_ssl_transform_init(&t0); + mbedtls_ssl_transform_init(&t1); + MD_OR_USE_PSA_INIT(); + + /* Set up transforms with dummy keys */ + ret = mbedtls_test_ssl_build_transforms(&t0, &t1, cipher_type, hash_id, + 0, trunc_hmac, + MBEDTLS_SSL_VERSION_TLS1_2, + 0, 0); + + TEST_ASSERT(ret == 0); + + /* Determine padding/plaintext length */ + TEST_ASSERT(length_selector >= -2 && length_selector <= 255); + block_size = t0.ivlen; + if (length_selector < 0) { + plaintext_len = 0; + + /* Minimal padding + * The +1 is for the padding_length byte, not counted in padlen. */ + padlen = block_size - (t0.maclen + 1) % block_size; + + /* Maximal padding? */ + if (length_selector == -2) { + padlen += block_size * ((pad_max_len - padlen) / block_size); + } + } else { + padlen = length_selector; + + /* Minimal non-zero plaintext_length giving desired padding. + * The +1 is for the padding_length byte, not counted in padlen. */ + plaintext_len = block_size - (padlen + t0.maclen + 1) % block_size; + } + + /* Prepare a buffer for record data */ + buflen = block_size + + plaintext_len + + t0.maclen + + padlen + 1; + TEST_CALLOC(buf, buflen); + TEST_CALLOC(buf_save, buflen); + + /* Prepare a dummy record header */ + memset(rec.ctr, 0, sizeof(rec.ctr)); + rec.type = MBEDTLS_SSL_MSG_APPLICATION_DATA; + mbedtls_ssl_write_version(rec.ver, MBEDTLS_SSL_TRANSPORT_STREAM, + MBEDTLS_SSL_VERSION_TLS1_2); +#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) + rec.cid_len = 0; +#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */ + + /* Prepare dummy record content */ + rec.buf = buf; + rec.buf_len = buflen; + rec.data_offset = block_size; + rec.data_len = plaintext_len; + memset(rec.buf + rec.data_offset, 42, rec.data_len); + + /* Serialized version of record header for MAC purposes */ + memcpy(add_data, rec.ctr, 8); + add_data[8] = rec.type; + add_data[9] = rec.ver[0]; + add_data[10] = rec.ver[1]; + add_data[11] = (rec.data_len >> 8) & 0xff; + add_data[12] = (rec.data_len >> 0) & 0xff; + + /* Set dummy IV */ + memset(t0.iv_enc, 0x55, t0.ivlen); + memcpy(rec.buf, t0.iv_enc, t0.ivlen); + + /* + * Prepare a pre-encryption record (with MAC and padding), and save it. + */ + + /* MAC with additional data */ +#if defined(MBEDTLS_USE_PSA_CRYPTO) + TEST_EQUAL(PSA_SUCCESS, psa_mac_sign_setup(&operation, + t0.psa_mac_enc, + t0.psa_mac_alg)); + TEST_EQUAL(PSA_SUCCESS, psa_mac_update(&operation, add_data, 13)); + TEST_EQUAL(PSA_SUCCESS, psa_mac_update(&operation, + rec.buf + rec.data_offset, + rec.data_len)); + TEST_EQUAL(PSA_SUCCESS, psa_mac_sign_finish(&operation, + mac, sizeof(mac), + &sign_mac_length)); +#else + TEST_EQUAL(0, mbedtls_md_hmac_update(&t0.md_ctx_enc, add_data, 13)); + TEST_EQUAL(0, mbedtls_md_hmac_update(&t0.md_ctx_enc, + rec.buf + rec.data_offset, + rec.data_len)); + TEST_EQUAL(0, mbedtls_md_hmac_finish(&t0.md_ctx_enc, mac)); +#endif + + memcpy(rec.buf + rec.data_offset + rec.data_len, mac, t0.maclen); + rec.data_len += t0.maclen; + + /* Pad */ + memset(rec.buf + rec.data_offset + rec.data_len, padlen, padlen + 1); + rec.data_len += padlen + 1; + + /* Save correct pre-encryption record */ + rec_save = rec; + rec_save.buf = buf_save; + memcpy(buf_save, buf, buflen); + + /* + * Encrypt and decrypt the correct record, expecting success + */ + TEST_EQUAL(0, mbedtls_test_psa_cipher_encrypt_helper( + &t0, t0.iv_enc, t0.ivlen, rec.buf + rec.data_offset, + rec.data_len, rec.buf + rec.data_offset, &olen)); + rec.data_offset -= t0.ivlen; + rec.data_len += t0.ivlen; + + TEST_EQUAL(0, mbedtls_ssl_decrypt_buf(&ssl, &t1, &rec)); + + /* + * Modify each byte of the pre-encryption record before encrypting and + * decrypting it, expecting failure every time. + */ + for (i = block_size; i < buflen; i++) { + mbedtls_test_set_step(i); + + /* Restore correct pre-encryption record */ + rec = rec_save; + rec.buf = buf; + memcpy(buf, buf_save, buflen); + + /* Corrupt one byte of the data (could be plaintext, MAC or padding) */ + rec.buf[i] ^= 0x01; + + /* Encrypt */ + TEST_EQUAL(0, mbedtls_test_psa_cipher_encrypt_helper( + &t0, t0.iv_enc, t0.ivlen, rec.buf + rec.data_offset, + rec.data_len, rec.buf + rec.data_offset, &olen)); + rec.data_offset -= t0.ivlen; + rec.data_len += t0.ivlen; + + /* Decrypt and expect failure */ + TEST_EQUAL(MBEDTLS_ERR_SSL_INVALID_MAC, + mbedtls_ssl_decrypt_buf(&ssl, &t1, &rec)); + } + + /* + * Use larger values of the padding bytes - with small buffers, this tests + * the case where the announced padlen would be larger than the buffer + * (and before that, than the buffer minus the size of the MAC), to make + * sure our padding checking code does not perform any out-of-bounds reads + * in this case. (With larger buffers, ie when the plaintext is long or + * maximal length padding is used, this is less relevant but still doesn't + * hurt to test.) + * + * (Start the loop with correct padding, just to double-check that record + * saving did work, and that we're overwriting the correct bytes.) + */ + for (i = padlen; i <= pad_max_len; i++) { + mbedtls_test_set_step(i); + + /* Restore correct pre-encryption record */ + rec = rec_save; + rec.buf = buf; + memcpy(buf, buf_save, buflen); + + /* Set padding bytes to new value */ + memset(buf + buflen - padlen - 1, i, padlen + 1); + + /* Encrypt */ + TEST_EQUAL(0, mbedtls_test_psa_cipher_encrypt_helper( + &t0, t0.iv_enc, t0.ivlen, rec.buf + rec.data_offset, + rec.data_len, rec.buf + rec.data_offset, &olen)); + rec.data_offset -= t0.ivlen; + rec.data_len += t0.ivlen; + + /* Decrypt and expect failure except the first time */ + exp_ret = (i == padlen) ? 0 : MBEDTLS_ERR_SSL_INVALID_MAC; + TEST_EQUAL(exp_ret, mbedtls_ssl_decrypt_buf(&ssl, &t1, &rec)); + } + +exit: + mbedtls_ssl_free(&ssl); + mbedtls_ssl_transform_free(&t0); + mbedtls_ssl_transform_free(&t1); + mbedtls_free(buf); + mbedtls_free(buf_save); + MD_OR_USE_PSA_DONE(); +} +/* END_CASE */ diff --git a/tests/suites/test_suite_ssl_decrypt.misc.data b/tests/suites/test_suite_ssl_decrypt.misc.data new file mode 100644 index 000000000..6a75dd5c4 --- /dev/null +++ b/tests/suites/test_suite_ssl_decrypt.misc.data @@ -0,0 +1,383 @@ +Decrypt CBC !EtM, AES MD5 !trunc, empty plaintext, minpad +depends_on:MBEDTLS_AES_C:MBEDTLS_MD_CAN_MD5 +ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_MD5:0:-1 + +Decrypt CBC !EtM, AES MD5 !trunc, empty plaintext, maxpad +depends_on:MBEDTLS_AES_C:MBEDTLS_MD_CAN_MD5 +ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_MD5:0:-2 + +Decrypt CBC !EtM, AES MD5 !trunc, padlen=0 +depends_on:MBEDTLS_AES_C:MBEDTLS_MD_CAN_MD5 +ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_MD5:0:0 + +Decrypt CBC !EtM, AES MD5 !trunc, padlen=240 +depends_on:MBEDTLS_AES_C:MBEDTLS_MD_CAN_MD5 +ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_MD5:0:240 + +Decrypt CBC !EtM, AES MD5 !trunc, padlen=1 +depends_on:MBEDTLS_AES_C:MBEDTLS_MD_CAN_MD5 +ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_MD5:0:1 + +Decrypt CBC !EtM, AES MD5 !trunc, padlen=241 +depends_on:MBEDTLS_AES_C:MBEDTLS_MD_CAN_MD5 +ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_MD5:0:241 + +Decrypt CBC !EtM, AES MD5 !trunc, padlen=15 +depends_on:MBEDTLS_AES_C:MBEDTLS_MD_CAN_MD5 +ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_MD5:0:15 + +Decrypt CBC !EtM, AES MD5 !trunc, padlen=255 +depends_on:MBEDTLS_AES_C:MBEDTLS_MD_CAN_MD5 +ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_MD5:0:255 + +Decrypt CBC !EtM, AES SHA1 !trunc, empty plaintext, minpad +depends_on:MBEDTLS_AES_C:MBEDTLS_MD_CAN_SHA1 +ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA1:0:-1 + +Decrypt CBC !EtM, AES SHA1 !trunc, empty plaintext, maxpad +depends_on:MBEDTLS_AES_C:MBEDTLS_MD_CAN_SHA1 +ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA1:0:-2 + +Decrypt CBC !EtM, AES SHA1 !trunc, padlen=0 +depends_on:MBEDTLS_AES_C:MBEDTLS_MD_CAN_SHA1 +ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA1:0:0 + +Decrypt CBC !EtM, AES SHA1 !trunc, padlen=240 +depends_on:MBEDTLS_AES_C:MBEDTLS_MD_CAN_SHA1 +ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA1:0:240 + +Decrypt CBC !EtM, AES SHA1 !trunc, padlen=1 +depends_on:MBEDTLS_AES_C:MBEDTLS_MD_CAN_SHA1 +ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA1:0:1 + +Decrypt CBC !EtM, AES SHA1 !trunc, padlen=241 +depends_on:MBEDTLS_AES_C:MBEDTLS_MD_CAN_SHA1 +ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA1:0:241 + +Decrypt CBC !EtM, AES SHA1 !trunc, padlen=15 +depends_on:MBEDTLS_AES_C:MBEDTLS_MD_CAN_SHA1 +ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA1:0:15 + +Decrypt CBC !EtM, AES SHA1 !trunc, padlen=255 +depends_on:MBEDTLS_AES_C:MBEDTLS_MD_CAN_SHA1 +ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA1:0:255 + +Decrypt CBC !EtM, AES SHA256 !trunc, empty plaintext, minpad +depends_on:MBEDTLS_AES_C:MBEDTLS_MD_CAN_SHA256 +ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA256:0:-1 + +Decrypt CBC !EtM, AES SHA256 !trunc, empty plaintext, maxpad +depends_on:MBEDTLS_AES_C:MBEDTLS_MD_CAN_SHA256 +ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA256:0:-2 + +Decrypt CBC !EtM, AES SHA256 !trunc, padlen=0 +depends_on:MBEDTLS_AES_C:MBEDTLS_MD_CAN_SHA256 +ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA256:0:0 + +Decrypt CBC !EtM, AES SHA256 !trunc, padlen=240 +depends_on:MBEDTLS_AES_C:MBEDTLS_MD_CAN_SHA256 +ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA256:0:240 + +Decrypt CBC !EtM, AES SHA256 !trunc, padlen=1 +depends_on:MBEDTLS_AES_C:MBEDTLS_MD_CAN_SHA256 +ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA256:0:1 + +Decrypt CBC !EtM, AES SHA256 !trunc, padlen=241 +depends_on:MBEDTLS_AES_C:MBEDTLS_MD_CAN_SHA256 +ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA256:0:241 + +Decrypt CBC !EtM, AES SHA256 !trunc, padlen=15 +depends_on:MBEDTLS_AES_C:MBEDTLS_MD_CAN_SHA256 +ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA256:0:15 + +Decrypt CBC !EtM, AES SHA256 !trunc, padlen=255 +depends_on:MBEDTLS_AES_C:MBEDTLS_MD_CAN_SHA256 +ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA256:0:255 + +Decrypt CBC !EtM, AES SHA384 !trunc, empty plaintext, minpad +depends_on:MBEDTLS_AES_C:MBEDTLS_MD_CAN_SHA384 +ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA384:0:-1 + +Decrypt CBC !EtM, AES SHA384 !trunc, empty plaintext, maxpad +depends_on:MBEDTLS_AES_C:MBEDTLS_MD_CAN_SHA384 +ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA384:0:-2 + +Decrypt CBC !EtM, AES SHA384 !trunc, padlen=0 +depends_on:MBEDTLS_AES_C:MBEDTLS_MD_CAN_SHA384 +ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA384:0:0 + +Decrypt CBC !EtM, AES SHA384 !trunc, padlen=240 +depends_on:MBEDTLS_AES_C:MBEDTLS_MD_CAN_SHA384 +ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA384:0:240 + +Decrypt CBC !EtM, AES SHA384 !trunc, padlen=1 +depends_on:MBEDTLS_AES_C:MBEDTLS_MD_CAN_SHA384 +ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA384:0:1 + +Decrypt CBC !EtM, AES SHA384 !trunc, padlen=241 +depends_on:MBEDTLS_AES_C:MBEDTLS_MD_CAN_SHA384 +ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA384:0:241 + +Decrypt CBC !EtM, AES SHA384 !trunc, padlen=15 +depends_on:MBEDTLS_AES_C:MBEDTLS_MD_CAN_SHA384 +ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA384:0:15 + +Decrypt CBC !EtM, AES SHA384 !trunc, padlen=255 +depends_on:MBEDTLS_AES_C:MBEDTLS_MD_CAN_SHA384 +ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_AES_128_CBC:MBEDTLS_MD_SHA384:0:255 + +Decrypt CBC !EtM, ARIA MD5 !trunc, empty plaintext, minpad +depends_on:MBEDTLS_ARIA_C:MBEDTLS_MD_CAN_MD5 +ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_MD5:0:-1 + +Decrypt CBC !EtM, ARIA MD5 !trunc, empty plaintext, maxpad +depends_on:MBEDTLS_ARIA_C:MBEDTLS_MD_CAN_MD5 +ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_MD5:0:-2 + +Decrypt CBC !EtM, ARIA MD5 !trunc, padlen=0 +depends_on:MBEDTLS_ARIA_C:MBEDTLS_MD_CAN_MD5 +ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_MD5:0:0 + +Decrypt CBC !EtM, ARIA MD5 !trunc, padlen=240 +depends_on:MBEDTLS_ARIA_C:MBEDTLS_MD_CAN_MD5 +ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_MD5:0:240 + +Decrypt CBC !EtM, ARIA MD5 !trunc, padlen=1 +depends_on:MBEDTLS_ARIA_C:MBEDTLS_MD_CAN_MD5 +ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_MD5:0:1 + +Decrypt CBC !EtM, ARIA MD5 !trunc, padlen=241 +depends_on:MBEDTLS_ARIA_C:MBEDTLS_MD_CAN_MD5 +ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_MD5:0:241 + +Decrypt CBC !EtM, ARIA MD5 !trunc, padlen=15 +depends_on:MBEDTLS_ARIA_C:MBEDTLS_MD_CAN_MD5 +ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_MD5:0:15 + +Decrypt CBC !EtM, ARIA MD5 !trunc, padlen=255 +depends_on:MBEDTLS_ARIA_C:MBEDTLS_MD_CAN_MD5 +ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_MD5:0:255 + +Decrypt CBC !EtM, ARIA SHA1 !trunc, empty plaintext, minpad +depends_on:MBEDTLS_ARIA_C:MBEDTLS_MD_CAN_SHA1 +ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA1:0:-1 + +Decrypt CBC !EtM, ARIA SHA1 !trunc, empty plaintext, maxpad +depends_on:MBEDTLS_ARIA_C:MBEDTLS_MD_CAN_SHA1 +ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA1:0:-2 + +Decrypt CBC !EtM, ARIA SHA1 !trunc, padlen=0 +depends_on:MBEDTLS_ARIA_C:MBEDTLS_MD_CAN_SHA1 +ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA1:0:0 + +Decrypt CBC !EtM, ARIA SHA1 !trunc, padlen=240 +depends_on:MBEDTLS_ARIA_C:MBEDTLS_MD_CAN_SHA1 +ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA1:0:240 + +Decrypt CBC !EtM, ARIA SHA1 !trunc, padlen=1 +depends_on:MBEDTLS_ARIA_C:MBEDTLS_MD_CAN_SHA1 +ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA1:0:1 + +Decrypt CBC !EtM, ARIA SHA1 !trunc, padlen=241 +depends_on:MBEDTLS_ARIA_C:MBEDTLS_MD_CAN_SHA1 +ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA1:0:241 + +Decrypt CBC !EtM, ARIA SHA1 !trunc, padlen=15 +depends_on:MBEDTLS_ARIA_C:MBEDTLS_MD_CAN_SHA1 +ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA1:0:15 + +Decrypt CBC !EtM, ARIA SHA1 !trunc, padlen=255 +depends_on:MBEDTLS_ARIA_C:MBEDTLS_MD_CAN_SHA1 +ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA1:0:255 + +Decrypt CBC !EtM, ARIA SHA256 !trunc, empty plaintext, minpad +depends_on:MBEDTLS_ARIA_C:MBEDTLS_MD_CAN_SHA256 +ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA256:0:-1 + +Decrypt CBC !EtM, ARIA SHA256 !trunc, empty plaintext, maxpad +depends_on:MBEDTLS_ARIA_C:MBEDTLS_MD_CAN_SHA256 +ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA256:0:-2 + +Decrypt CBC !EtM, ARIA SHA256 !trunc, padlen=0 +depends_on:MBEDTLS_ARIA_C:MBEDTLS_MD_CAN_SHA256 +ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA256:0:0 + +Decrypt CBC !EtM, ARIA SHA256 !trunc, padlen=240 +depends_on:MBEDTLS_ARIA_C:MBEDTLS_MD_CAN_SHA256 +ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA256:0:240 + +Decrypt CBC !EtM, ARIA SHA256 !trunc, padlen=1 +depends_on:MBEDTLS_ARIA_C:MBEDTLS_MD_CAN_SHA256 +ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA256:0:1 + +Decrypt CBC !EtM, ARIA SHA256 !trunc, padlen=241 +depends_on:MBEDTLS_ARIA_C:MBEDTLS_MD_CAN_SHA256 +ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA256:0:241 + +Decrypt CBC !EtM, ARIA SHA256 !trunc, padlen=15 +depends_on:MBEDTLS_ARIA_C:MBEDTLS_MD_CAN_SHA256 +ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA256:0:15 + +Decrypt CBC !EtM, ARIA SHA256 !trunc, padlen=255 +depends_on:MBEDTLS_ARIA_C:MBEDTLS_MD_CAN_SHA256 +ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA256:0:255 + +Decrypt CBC !EtM, ARIA SHA384 !trunc, empty plaintext, minpad +depends_on:MBEDTLS_ARIA_C:MBEDTLS_MD_CAN_SHA384 +ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA384:0:-1 + +Decrypt CBC !EtM, ARIA SHA384 !trunc, empty plaintext, maxpad +depends_on:MBEDTLS_ARIA_C:MBEDTLS_MD_CAN_SHA384 +ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA384:0:-2 + +Decrypt CBC !EtM, ARIA SHA384 !trunc, padlen=0 +depends_on:MBEDTLS_ARIA_C:MBEDTLS_MD_CAN_SHA384 +ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA384:0:0 + +Decrypt CBC !EtM, ARIA SHA384 !trunc, padlen=240 +depends_on:MBEDTLS_ARIA_C:MBEDTLS_MD_CAN_SHA384 +ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA384:0:240 + +Decrypt CBC !EtM, ARIA SHA384 !trunc, padlen=1 +depends_on:MBEDTLS_ARIA_C:MBEDTLS_MD_CAN_SHA384 +ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA384:0:1 + +Decrypt CBC !EtM, ARIA SHA384 !trunc, padlen=241 +depends_on:MBEDTLS_ARIA_C:MBEDTLS_MD_CAN_SHA384 +ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA384:0:241 + +Decrypt CBC !EtM, ARIA SHA384 !trunc, padlen=15 +depends_on:MBEDTLS_ARIA_C:MBEDTLS_MD_CAN_SHA384 +ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA384:0:15 + +Decrypt CBC !EtM, ARIA SHA384 !trunc, padlen=255 +depends_on:MBEDTLS_ARIA_C:MBEDTLS_MD_CAN_SHA384 +ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_ARIA_128_CBC:MBEDTLS_MD_SHA384:0:255 + +Decrypt CBC !EtM, CAMELLIA MD5 !trunc, empty plaintext, minpad +depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_MD_CAN_MD5 +ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_MD5:0:-1 + +Decrypt CBC !EtM, CAMELLIA MD5 !trunc, empty plaintext, maxpad +depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_MD_CAN_MD5 +ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_MD5:0:-2 + +Decrypt CBC !EtM, CAMELLIA MD5 !trunc, padlen=0 +depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_MD_CAN_MD5 +ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_MD5:0:0 + +Decrypt CBC !EtM, CAMELLIA MD5 !trunc, padlen=240 +depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_MD_CAN_MD5 +ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_MD5:0:240 + +Decrypt CBC !EtM, CAMELLIA MD5 !trunc, padlen=1 +depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_MD_CAN_MD5 +ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_MD5:0:1 + +Decrypt CBC !EtM, CAMELLIA MD5 !trunc, padlen=241 +depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_MD_CAN_MD5 +ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_MD5:0:241 + +Decrypt CBC !EtM, CAMELLIA MD5 !trunc, padlen=15 +depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_MD_CAN_MD5 +ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_MD5:0:15 + +Decrypt CBC !EtM, CAMELLIA MD5 !trunc, padlen=255 +depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_MD_CAN_MD5 +ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_MD5:0:255 + +Decrypt CBC !EtM, CAMELLIA SHA1 !trunc, empty plaintext, minpad +depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_MD_CAN_SHA1 +ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA1:0:-1 + +Decrypt CBC !EtM, CAMELLIA SHA1 !trunc, empty plaintext, maxpad +depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_MD_CAN_SHA1 +ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA1:0:-2 + +Decrypt CBC !EtM, CAMELLIA SHA1 !trunc, padlen=0 +depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_MD_CAN_SHA1 +ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA1:0:0 + +Decrypt CBC !EtM, CAMELLIA SHA1 !trunc, padlen=240 +depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_MD_CAN_SHA1 +ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA1:0:240 + +Decrypt CBC !EtM, CAMELLIA SHA1 !trunc, padlen=1 +depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_MD_CAN_SHA1 +ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA1:0:1 + +Decrypt CBC !EtM, CAMELLIA SHA1 !trunc, padlen=241 +depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_MD_CAN_SHA1 +ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA1:0:241 + +Decrypt CBC !EtM, CAMELLIA SHA1 !trunc, padlen=15 +depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_MD_CAN_SHA1 +ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA1:0:15 + +Decrypt CBC !EtM, CAMELLIA SHA1 !trunc, padlen=255 +depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_MD_CAN_SHA1 +ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA1:0:255 + +Decrypt CBC !EtM, CAMELLIA SHA256 !trunc, empty plaintext, minpad +depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_MD_CAN_SHA256 +ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA256:0:-1 + +Decrypt CBC !EtM, CAMELLIA SHA256 !trunc, empty plaintext, maxpad +depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_MD_CAN_SHA256 +ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA256:0:-2 + +Decrypt CBC !EtM, CAMELLIA SHA256 !trunc, padlen=0 +depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_MD_CAN_SHA256 +ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA256:0:0 + +Decrypt CBC !EtM, CAMELLIA SHA256 !trunc, padlen=240 +depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_MD_CAN_SHA256 +ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA256:0:240 + +Decrypt CBC !EtM, CAMELLIA SHA256 !trunc, padlen=1 +depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_MD_CAN_SHA256 +ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA256:0:1 + +Decrypt CBC !EtM, CAMELLIA SHA256 !trunc, padlen=241 +depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_MD_CAN_SHA256 +ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA256:0:241 + +Decrypt CBC !EtM, CAMELLIA SHA256 !trunc, padlen=15 +depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_MD_CAN_SHA256 +ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA256:0:15 + +Decrypt CBC !EtM, CAMELLIA SHA256 !trunc, padlen=255 +depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_MD_CAN_SHA256 +ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA256:0:255 + +Decrypt CBC !EtM, CAMELLIA SHA384 !trunc, empty plaintext, minpad +depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_MD_CAN_SHA384 +ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA384:0:-1 + +Decrypt CBC !EtM, CAMELLIA SHA384 !trunc, empty plaintext, maxpad +depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_MD_CAN_SHA384 +ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA384:0:-2 + +Decrypt CBC !EtM, CAMELLIA SHA384 !trunc, padlen=0 +depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_MD_CAN_SHA384 +ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA384:0:0 + +Decrypt CBC !EtM, CAMELLIA SHA384 !trunc, padlen=240 +depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_MD_CAN_SHA384 +ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA384:0:240 + +Decrypt CBC !EtM, CAMELLIA SHA384 !trunc, padlen=1 +depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_MD_CAN_SHA384 +ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA384:0:1 + +Decrypt CBC !EtM, CAMELLIA SHA384 !trunc, padlen=241 +depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_MD_CAN_SHA384 +ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA384:0:241 + +Decrypt CBC !EtM, CAMELLIA SHA384 !trunc, padlen=15 +depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_MD_CAN_SHA384 +ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA384:0:15 + +Decrypt CBC !EtM, CAMELLIA SHA384 !trunc, padlen=255 +depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_MD_CAN_SHA384 +ssl_decrypt_non_etm_cbc:MBEDTLS_CIPHER_CAMELLIA_128_CBC:MBEDTLS_MD_SHA384:0:255