/* BEGIN_HEADER */ #include "mbedtls/ccm.h" /* Use the multipart interface to process the encrypted data in two parts * and check that the output matches the expected output. * The context must have been set up with the key. */ static int check_multipart(mbedtls_ccm_context *ctx, int mode, const data_t *iv, const data_t *add, const data_t *input, const data_t *expected_output, const data_t *tag, size_t n1, size_t n1_add) { int ok = 0; uint8_t *output = NULL; size_t n2 = input->len - n1; size_t n2_add = add->len - n1_add; size_t olen; /* Sanity checks on the test data */ TEST_ASSERT(n1 <= input->len); TEST_ASSERT(n1_add <= add->len); TEST_EQUAL(input->len, expected_output->len); TEST_EQUAL(0, mbedtls_ccm_starts(ctx, mode, iv->x, iv->len)); TEST_EQUAL(0, mbedtls_ccm_set_lengths(ctx, add->len, input->len, tag->len)); TEST_EQUAL(0, mbedtls_ccm_update_ad(ctx, add->x, n1_add)); TEST_EQUAL(0, mbedtls_ccm_update_ad(ctx, add->x + n1_add, n2_add)); /* Allocate a tight buffer for each update call. This way, if the function * tries to write beyond the advertised required buffer size, this will * count as an overflow for memory sanitizers and static checkers. */ ASSERT_ALLOC(output, n1); olen = 0xdeadbeef; TEST_EQUAL(0, mbedtls_ccm_update(ctx, input->x, n1, output, n1, &olen)); TEST_EQUAL(n1, olen); ASSERT_COMPARE(output, olen, expected_output->x, n1); mbedtls_free(output); output = NULL; ASSERT_ALLOC(output, n2); olen = 0xdeadbeef; TEST_EQUAL(0, mbedtls_ccm_update(ctx, input->x + n1, n2, output, n2, &olen)); TEST_EQUAL(n2, olen); ASSERT_COMPARE(output, olen, expected_output->x + n1, n2); mbedtls_free(output); output = NULL; ASSERT_ALLOC(output, tag->len); TEST_EQUAL(0, mbedtls_ccm_finish(ctx, output, tag->len)); ASSERT_COMPARE(output, tag->len, tag->x, tag->len); mbedtls_free(output); output = NULL; ok = 1; exit: mbedtls_free(output); return ok; } /* END_HEADER */ /* BEGIN_DEPENDENCIES * depends_on:MBEDTLS_CCM_C * END_DEPENDENCIES */ /* BEGIN_CASE depends_on:MBEDTLS_SELF_TEST:MBEDTLS_AES_C */ void mbedtls_ccm_self_test() { TEST_ASSERT(mbedtls_ccm_self_test(1) == 0); } /* END_CASE */ /* BEGIN_CASE */ void mbedtls_ccm_setkey(int cipher_id, int key_size, int result) { mbedtls_ccm_context ctx; unsigned char key[32]; int ret; mbedtls_ccm_init(&ctx); memset(key, 0x2A, sizeof(key)); TEST_ASSERT((unsigned) key_size <= 8 * sizeof(key)); ret = mbedtls_ccm_setkey(&ctx, cipher_id, key, key_size); TEST_ASSERT(ret == result); exit: mbedtls_ccm_free(&ctx); } /* END_CASE */ /* BEGIN_CASE depends_on:MBEDTLS_AES_C */ void ccm_lengths(int msg_len, int iv_len, int add_len, int tag_len, int res) { mbedtls_ccm_context ctx; unsigned char key[16]; unsigned char msg[10]; unsigned char iv[14]; unsigned char *add = NULL; unsigned char out[10]; unsigned char tag[18]; int decrypt_ret; mbedtls_ccm_init(&ctx); ASSERT_ALLOC_WEAK(add, add_len); memset(key, 0, sizeof(key)); memset(msg, 0, sizeof(msg)); memset(iv, 0, sizeof(iv)); memset(out, 0, sizeof(out)); memset(tag, 0, sizeof(tag)); TEST_ASSERT(mbedtls_ccm_setkey(&ctx, MBEDTLS_CIPHER_ID_AES, key, 8 * sizeof(key)) == 0); TEST_ASSERT(mbedtls_ccm_encrypt_and_tag(&ctx, msg_len, iv, iv_len, add, add_len, msg, out, tag, tag_len) == res); decrypt_ret = mbedtls_ccm_auth_decrypt(&ctx, msg_len, iv, iv_len, add, add_len, msg, out, tag, tag_len); if (res == 0) { TEST_ASSERT(decrypt_ret == MBEDTLS_ERR_CCM_AUTH_FAILED); } else { TEST_ASSERT(decrypt_ret == res); } exit: mbedtls_free(add); mbedtls_ccm_free(&ctx); } /* END_CASE */ /* BEGIN_CASE depends_on:MBEDTLS_AES_C */ void ccm_star_lengths(int msg_len, int iv_len, int add_len, int tag_len, int res) { mbedtls_ccm_context ctx; unsigned char key[16]; unsigned char msg[10]; unsigned char iv[14]; unsigned char add[10]; unsigned char out[10]; unsigned char tag[18]; int decrypt_ret; mbedtls_ccm_init(&ctx); memset(key, 0, sizeof(key)); memset(msg, 0, sizeof(msg)); memset(iv, 0, sizeof(iv)); memset(add, 0, sizeof(add)); memset(out, 0, sizeof(out)); memset(tag, 0, sizeof(tag)); TEST_ASSERT(mbedtls_ccm_setkey(&ctx, MBEDTLS_CIPHER_ID_AES, key, 8 * sizeof(key)) == 0); TEST_ASSERT(mbedtls_ccm_star_encrypt_and_tag(&ctx, msg_len, iv, iv_len, add, add_len, msg, out, tag, tag_len) == res); decrypt_ret = mbedtls_ccm_star_auth_decrypt(&ctx, msg_len, iv, iv_len, add, add_len, msg, out, tag, tag_len); if (res == 0 && tag_len != 0) { TEST_ASSERT(decrypt_ret == MBEDTLS_ERR_CCM_AUTH_FAILED); } else { TEST_ASSERT(decrypt_ret == res); } exit: mbedtls_ccm_free(&ctx); } /* END_CASE */ /* BEGIN_CASE */ void mbedtls_ccm_encrypt_and_tag(int cipher_id, data_t *key, data_t *msg, data_t *iv, data_t *add, data_t *result) { mbedtls_ccm_context ctx; size_t n1, n1_add; uint8_t *io_msg_buf = NULL; uint8_t *tag_buf = NULL; const size_t expected_tag_len = result->len - msg->len; const uint8_t *expected_tag = result->x + msg->len; /* Prepare input/output message buffer */ ASSERT_ALLOC(io_msg_buf, msg->len); if (msg->len != 0) { memcpy(io_msg_buf, msg->x, msg->len); } /* Prepare tag buffer */ ASSERT_ALLOC(tag_buf, expected_tag_len); mbedtls_ccm_init(&ctx); TEST_EQUAL(mbedtls_ccm_setkey(&ctx, cipher_id, key->x, key->len * 8), 0); /* Test with input == output */ TEST_EQUAL(mbedtls_ccm_encrypt_and_tag(&ctx, msg->len, iv->x, iv->len, add->x, add->len, io_msg_buf, io_msg_buf, tag_buf, expected_tag_len), 0); ASSERT_COMPARE(io_msg_buf, msg->len, result->x, msg->len); ASSERT_COMPARE(tag_buf, expected_tag_len, expected_tag, expected_tag_len); /* Prepare data_t structures for multipart testing */ const data_t encrypted_expected = { .x = result->x, .len = msg->len }; const data_t tag_expected = { .x = (uint8_t *) expected_tag, /* cast to conform with data_t x type */ .len = expected_tag_len }; for (n1 = 0; n1 <= msg->len; n1 += 1) { for (n1_add = 0; n1_add <= add->len; n1_add += 1) { mbedtls_test_set_step(n1 * 10000 + n1_add); if (!check_multipart(&ctx, MBEDTLS_CCM_ENCRYPT, iv, add, msg, &encrypted_expected, &tag_expected, n1, n1_add)) { goto exit; } } } exit: mbedtls_ccm_free(&ctx); mbedtls_free(io_msg_buf); mbedtls_free(tag_buf); } /* END_CASE */ /* BEGIN_CASE */ void mbedtls_ccm_star_no_tag(int cipher_id, int mode, data_t *key, data_t *msg, data_t *iv, data_t *result) { mbedtls_ccm_context ctx; uint8_t *output = NULL; size_t olen; mbedtls_ccm_init(&ctx); TEST_EQUAL(mbedtls_ccm_setkey(&ctx, cipher_id, key->x, key->len * 8), 0); TEST_EQUAL(0, mbedtls_ccm_starts(&ctx, mode, iv->x, iv->len)); TEST_EQUAL(0, mbedtls_ccm_set_lengths(&ctx, 0, msg->len, 0)); ASSERT_ALLOC(output, msg->len); TEST_EQUAL(0, mbedtls_ccm_update(&ctx, msg->x, msg->len, output, msg->len, &olen)); TEST_EQUAL(result->len, olen); ASSERT_COMPARE(output, olen, result->x, result->len); TEST_EQUAL(0, mbedtls_ccm_finish(&ctx, NULL, 0)); exit: mbedtls_free(output); mbedtls_ccm_free(&ctx); } /* END_CASE */ /* BEGIN_CASE */ void mbedtls_ccm_auth_decrypt(int cipher_id, data_t *key, data_t *msg, data_t *iv, data_t *add, int expected_tag_len, int result, data_t *expected_msg) { mbedtls_ccm_context ctx; size_t n1, n1_add; const size_t expected_msg_len = msg->len - expected_tag_len; const uint8_t *expected_tag = msg->x + expected_msg_len; /* Prepare input/output message buffer */ uint8_t *io_msg_buf = NULL; ASSERT_ALLOC(io_msg_buf, expected_msg_len); if (expected_msg_len) { memcpy(io_msg_buf, msg->x, expected_msg_len); } mbedtls_ccm_init(&ctx); TEST_EQUAL(mbedtls_ccm_setkey(&ctx, cipher_id, key->x, key->len * 8), 0); /* Test with input == output */ TEST_EQUAL(mbedtls_ccm_auth_decrypt(&ctx, expected_msg_len, iv->x, iv->len, add->x, add->len, io_msg_buf, io_msg_buf, expected_tag, expected_tag_len), result); if (result == 0) { ASSERT_COMPARE(io_msg_buf, expected_msg_len, expected_msg->x, expected_msg_len); /* Prepare data_t structures for multipart testing */ const data_t encrypted = { .x = msg->x, .len = expected_msg_len }; const data_t tag_expected = { .x = (uint8_t *) expected_tag, .len = expected_tag_len }; for (n1 = 0; n1 <= expected_msg_len; n1 += 1) { for (n1_add = 0; n1_add <= add->len; n1_add += 1) { mbedtls_test_set_step(n1 * 10000 + n1_add); if (!check_multipart(&ctx, MBEDTLS_CCM_DECRYPT, iv, add, &encrypted, expected_msg, &tag_expected, n1, n1_add)) { goto exit; } } } } else { size_t i; for (i = 0; i < expected_msg_len; i++) { TEST_EQUAL(io_msg_buf[i], 0); } } exit: mbedtls_free(io_msg_buf); mbedtls_ccm_free(&ctx); } /* END_CASE */ /* BEGIN_CASE */ void mbedtls_ccm_star_encrypt_and_tag(int cipher_id, data_t *key, data_t *msg, data_t *source_address, data_t *frame_counter, int sec_level, data_t *add, data_t *expected_result, int output_ret) { unsigned char iv[13]; mbedtls_ccm_context ctx; size_t iv_len, expected_tag_len; size_t n1, n1_add; uint8_t *io_msg_buf = NULL; uint8_t *tag_buf = NULL; const uint8_t *expected_tag = expected_result->x + msg->len; /* Calculate tag length */ if (sec_level % 4 == 0) { expected_tag_len = 0; } else { expected_tag_len = 1 << (sec_level % 4 + 1); } /* Prepare input/output message buffer */ ASSERT_ALLOC(io_msg_buf, msg->len); if (msg->len) { memcpy(io_msg_buf, msg->x, msg->len); } /* Prepare tag buffer */ if (expected_tag_len == 0) { ASSERT_ALLOC(tag_buf, 16); } else { ASSERT_ALLOC(tag_buf, expected_tag_len); } /* Calculate iv */ TEST_ASSERT(source_address->len == 8); TEST_ASSERT(frame_counter->len == 4); memcpy(iv, source_address->x, source_address->len); memcpy(iv + source_address->len, frame_counter->x, frame_counter->len); iv[source_address->len + frame_counter->len] = sec_level; iv_len = sizeof(iv); mbedtls_ccm_init(&ctx); TEST_EQUAL(mbedtls_ccm_setkey(&ctx, cipher_id, key->x, key->len * 8), 0); /* Test with input == output */ TEST_EQUAL(mbedtls_ccm_star_encrypt_and_tag(&ctx, msg->len, iv, iv_len, add->x, add->len, io_msg_buf, io_msg_buf, tag_buf, expected_tag_len), output_ret); ASSERT_COMPARE(io_msg_buf, msg->len, expected_result->x, msg->len); ASSERT_COMPARE(tag_buf, expected_tag_len, expected_tag, expected_tag_len); if (output_ret == 0) { const data_t iv_data = { .x = iv, .len = iv_len }; const data_t encrypted_expected = { .x = expected_result->x, .len = msg->len }; const data_t tag_expected = { .x = (uint8_t *) expected_tag, .len = expected_tag_len }; for (n1 = 0; n1 <= msg->len; n1 += 1) { for (n1_add = 0; n1_add <= add->len; n1_add += 1) { mbedtls_test_set_step(n1 * 10000 + n1_add); if (!check_multipart(&ctx, MBEDTLS_CCM_STAR_ENCRYPT, &iv_data, add, msg, &encrypted_expected, &tag_expected, n1, n1_add)) { goto exit; } } } } exit: mbedtls_ccm_free(&ctx); mbedtls_free(io_msg_buf); mbedtls_free(tag_buf); } /* END_CASE */ /* BEGIN_CASE */ void mbedtls_ccm_star_auth_decrypt(int cipher_id, data_t *key, data_t *msg, data_t *source_address, data_t *frame_counter, int sec_level, data_t *add, data_t *expected_result, int output_ret) { unsigned char iv[13]; mbedtls_ccm_context ctx; size_t iv_len, expected_tag_len; size_t n1, n1_add; /* Calculate tag length */ if (sec_level % 4 == 0) { expected_tag_len = 0; } else { expected_tag_len = 1 << (sec_level % 4 + 1); } const size_t expected_msg_len = msg->len - expected_tag_len; const uint8_t *expected_tag = msg->x + expected_msg_len; /* Prepare input/output message buffer */ uint8_t *io_msg_buf = NULL; ASSERT_ALLOC(io_msg_buf, expected_msg_len); if (expected_msg_len) { memcpy(io_msg_buf, msg->x, expected_msg_len); } /* Calculate iv */ memset(iv, 0x00, sizeof(iv)); TEST_ASSERT(source_address->len == 8); TEST_ASSERT(frame_counter->len == 4); memcpy(iv, source_address->x, source_address->len); memcpy(iv + source_address->len, frame_counter->x, frame_counter->len); iv[source_address->len + frame_counter->len] = sec_level; iv_len = sizeof(iv); mbedtls_ccm_init(&ctx); TEST_ASSERT(mbedtls_ccm_setkey(&ctx, cipher_id, key->x, key->len * 8) == 0); /* Test with input == output */ TEST_EQUAL(mbedtls_ccm_star_auth_decrypt(&ctx, expected_msg_len, iv, iv_len, add->x, add->len, io_msg_buf, io_msg_buf, expected_tag, expected_tag_len), output_ret); ASSERT_COMPARE(io_msg_buf, expected_msg_len, expected_result->x, expected_msg_len); if (output_ret == 0) { const data_t iv_data = { .x = iv, .len = iv_len }; const data_t encrypted = { .x = msg->x, .len = expected_msg_len }; const data_t tag_expected = { .x = (uint8_t *) expected_tag, .len = expected_tag_len }; for (n1 = 0; n1 <= expected_msg_len; n1 += 1) { for (n1_add = 0; n1_add <= add->len; n1_add += 1) { mbedtls_test_set_step(n1 * 10000 + n1_add); if (!check_multipart(&ctx, MBEDTLS_CCM_STAR_DECRYPT, &iv_data, add, &encrypted, expected_result, &tag_expected, n1, n1_add)) { goto exit; } } } } exit: mbedtls_ccm_free(&ctx); mbedtls_free(io_msg_buf); } /* END_CASE */ /* Skip auth data, provide full text */ /* BEGIN_CASE */ void mbedtls_ccm_skip_ad(int cipher_id, int mode, data_t *key, data_t *msg, data_t *iv, data_t *result, data_t *tag) { mbedtls_ccm_context ctx; uint8_t *output = NULL; size_t olen; /* Sanity checks on the test data */ TEST_EQUAL(msg->len, result->len); mbedtls_ccm_init(&ctx); TEST_EQUAL(mbedtls_ccm_setkey(&ctx, cipher_id, key->x, key->len * 8), 0); TEST_EQUAL(0, mbedtls_ccm_starts(&ctx, mode, iv->x, iv->len)); TEST_EQUAL(0, mbedtls_ccm_set_lengths(&ctx, 0, msg->len, tag->len)); ASSERT_ALLOC(output, result->len); olen = 0xdeadbeef; TEST_EQUAL(0, mbedtls_ccm_update(&ctx, msg->x, msg->len, output, result->len, &olen)); TEST_EQUAL(result->len, olen); ASSERT_COMPARE(output, olen, result->x, result->len); mbedtls_free(output); output = NULL; ASSERT_ALLOC(output, tag->len); TEST_EQUAL(0, mbedtls_ccm_finish(&ctx, output, tag->len)); ASSERT_COMPARE(output, tag->len, tag->x, tag->len); mbedtls_free(output); output = NULL; exit: mbedtls_free(output); mbedtls_ccm_free(&ctx); } /* END_CASE */ /* Provide auth data, skip full text */ /* BEGIN_CASE */ void mbedtls_ccm_skip_update(int cipher_id, int mode, data_t *key, data_t *iv, data_t *add, data_t *tag) { mbedtls_ccm_context ctx; uint8_t *output = NULL; mbedtls_ccm_init(&ctx); TEST_EQUAL(mbedtls_ccm_setkey(&ctx, cipher_id, key->x, key->len * 8), 0); TEST_EQUAL(0, mbedtls_ccm_starts(&ctx, mode, iv->x, iv->len)); TEST_EQUAL(0, mbedtls_ccm_set_lengths(&ctx, add->len, 0, tag->len)); TEST_EQUAL(0, mbedtls_ccm_update_ad(&ctx, add->x, add->len)); ASSERT_ALLOC(output, tag->len); TEST_EQUAL(0, mbedtls_ccm_finish(&ctx, output, tag->len)); ASSERT_COMPARE(output, tag->len, tag->x, tag->len); mbedtls_free(output); output = NULL; exit: mbedtls_free(output); mbedtls_ccm_free(&ctx); } /* END_CASE */ /* Provide too much auth data */ /* BEGIN_CASE */ void mbedtls_ccm_overflow_ad(int cipher_id, int mode, data_t *key, data_t *iv, data_t *add) { mbedtls_ccm_context ctx; mbedtls_ccm_init(&ctx); TEST_EQUAL(mbedtls_ccm_setkey(&ctx, cipher_id, key->x, key->len * 8), 0); TEST_EQUAL(0, mbedtls_ccm_starts(&ctx, mode, iv->x, iv->len)); // use hardcoded values for msg length and tag length. They are not a part of this test // subtract 1 from configured auth data length to provoke an overflow TEST_EQUAL(0, mbedtls_ccm_set_lengths(&ctx, add->len - 1, 16, 16)); TEST_EQUAL(MBEDTLS_ERR_CCM_BAD_INPUT, mbedtls_ccm_update_ad(&ctx, add->x, add->len)); exit: mbedtls_ccm_free(&ctx); } /* END_CASE */ /* Provide unexpected auth data */ /* BEGIN_CASE */ void mbedtls_ccm_unexpected_ad(int cipher_id, int mode, data_t *key, data_t *iv, data_t *add) { mbedtls_ccm_context ctx; mbedtls_ccm_init(&ctx); TEST_EQUAL(mbedtls_ccm_setkey(&ctx, cipher_id, key->x, key->len * 8), 0); TEST_EQUAL(0, mbedtls_ccm_starts(&ctx, mode, iv->x, iv->len)); // use hardcoded values for msg length and tag length. They are not a part of this test TEST_EQUAL(0, mbedtls_ccm_set_lengths(&ctx, 0, 16, 16)); TEST_EQUAL(MBEDTLS_ERR_CCM_BAD_INPUT, mbedtls_ccm_update_ad(&ctx, add->x, add->len)); exit: mbedtls_ccm_free(&ctx); } /* END_CASE */ /* Provide unexpected plaintext/ciphertext data */ /* BEGIN_CASE */ void mbedtls_ccm_unexpected_text(int cipher_id, int mode, data_t *key, data_t *msg, data_t *iv, data_t *add) { mbedtls_ccm_context ctx; uint8_t *output = NULL; size_t olen; mbedtls_ccm_init(&ctx); TEST_EQUAL(mbedtls_ccm_setkey(&ctx, cipher_id, key->x, key->len * 8), 0); TEST_EQUAL(0, mbedtls_ccm_starts(&ctx, mode, iv->x, iv->len)); // use hardcoded value for tag length. It is not a part of this test TEST_EQUAL(0, mbedtls_ccm_set_lengths(&ctx, add->len, 0, 16)); TEST_EQUAL(0, mbedtls_ccm_update_ad(&ctx, add->x, add->len)); ASSERT_ALLOC(output, msg->len); olen = 0xdeadbeef; TEST_EQUAL(MBEDTLS_ERR_CCM_BAD_INPUT, mbedtls_ccm_update(&ctx, msg->x, msg->len, output, msg->len, &olen)); exit: mbedtls_free(output); mbedtls_ccm_free(&ctx); } /* END_CASE */ /* Provide incomplete auth data and finish */ /* BEGIN_CASE */ void mbedtls_ccm_incomplete_ad(int cipher_id, int mode, data_t *key, data_t *iv, data_t *add) { mbedtls_ccm_context ctx; uint8_t *output = NULL; mbedtls_ccm_init(&ctx); TEST_EQUAL(mbedtls_ccm_setkey(&ctx, cipher_id, key->x, key->len * 8), 0); TEST_EQUAL(0, mbedtls_ccm_starts(&ctx, mode, iv->x, iv->len)); // use hardcoded values for msg length and tag length. They are not a part of this test TEST_EQUAL(0, mbedtls_ccm_set_lengths(&ctx, add->len, 0, 16)); TEST_EQUAL(0, mbedtls_ccm_update_ad(&ctx, add->x, add->len - 1)); ASSERT_ALLOC(output, 16); TEST_EQUAL(MBEDTLS_ERR_CCM_BAD_INPUT, mbedtls_ccm_finish(&ctx, output, 16)); exit: mbedtls_free(output); mbedtls_ccm_free(&ctx); } /* END_CASE */ /* Provide complete auth data on first update_ad. * Provide unexpected auth data on second update_ad */ /* BEGIN_CASE */ void mbedtls_ccm_full_ad_and_overflow(int cipher_id, int mode, data_t *key, data_t *iv, data_t *add) { mbedtls_ccm_context ctx; mbedtls_ccm_init(&ctx); TEST_EQUAL(mbedtls_ccm_setkey(&ctx, cipher_id, key->x, key->len * 8), 0); TEST_EQUAL(0, mbedtls_ccm_starts(&ctx, mode, iv->x, iv->len)); // use hardcoded values for msg length and tag length. They are not a part of this test TEST_EQUAL(0, mbedtls_ccm_set_lengths(&ctx, add->len, 16, 16)); // pass full auth data TEST_EQUAL(0, mbedtls_ccm_update_ad(&ctx, add->x, add->len)); // pass 1 extra byte TEST_EQUAL(MBEDTLS_ERR_CCM_BAD_INPUT, mbedtls_ccm_update_ad(&ctx, add->x, 1)); exit: mbedtls_ccm_free(&ctx); } /* END_CASE */ /* Provide incomplete auth data on first update_ad. * Provide too much auth data on second update_ad */ /* BEGIN_CASE */ void mbedtls_ccm_incomplete_ad_and_overflow(int cipher_id, int mode, data_t *key, data_t *iv, data_t *add) { mbedtls_ccm_context ctx; uint8_t add_second_buffer[2]; add_second_buffer[0] = add->x[add->len - 1]; add_second_buffer[1] = 0xAB; // some magic value mbedtls_ccm_init(&ctx); TEST_EQUAL(mbedtls_ccm_setkey(&ctx, cipher_id, key->x, key->len * 8), 0); TEST_EQUAL(0, mbedtls_ccm_starts(&ctx, mode, iv->x, iv->len)); // use hardcoded values for msg length and tag length. They are not a part of this test TEST_EQUAL(0, mbedtls_ccm_set_lengths(&ctx, add->len, 16, 16)); // pass incomplete auth data TEST_EQUAL(0, mbedtls_ccm_update_ad(&ctx, add->x, add->len - 1)); // pass 2 extra bytes (1 missing byte from previous incomplete pass, and 1 unexpected byte) TEST_EQUAL(MBEDTLS_ERR_CCM_BAD_INPUT, mbedtls_ccm_update_ad(&ctx, add_second_buffer, 2)); exit: mbedtls_ccm_free(&ctx); } /* END_CASE */ /* Provide too much plaintext/ciphertext */ /* BEGIN_CASE */ void mbedtls_ccm_overflow_update(int cipher_id, int mode, data_t *key, data_t *msg, data_t *iv, data_t *add) { mbedtls_ccm_context ctx; uint8_t *output = NULL; size_t olen; mbedtls_ccm_init(&ctx); TEST_EQUAL(mbedtls_ccm_setkey(&ctx, cipher_id, key->x, key->len * 8), 0); TEST_EQUAL(0, mbedtls_ccm_starts(&ctx, mode, iv->x, iv->len)); // use hardcoded value for tag length. It is a not a part of this test // subtract 1 from configured msg length to provoke an overflow TEST_EQUAL(0, mbedtls_ccm_set_lengths(&ctx, add->len, msg->len - 1, 16)); TEST_EQUAL(0, mbedtls_ccm_update_ad(&ctx, add->x, add->len)); ASSERT_ALLOC(output, msg->len); TEST_EQUAL(MBEDTLS_ERR_CCM_BAD_INPUT, \ mbedtls_ccm_update(&ctx, msg->x, msg->len, output, msg->len, &olen)); exit: mbedtls_free(output); mbedtls_ccm_free(&ctx); } /* END_CASE */ /* Provide incomplete plaintext/ciphertext and finish */ /* BEGIN_CASE */ void mbedtls_ccm_incomplete_update(int cipher_id, int mode, data_t *key, data_t *msg, data_t *iv, data_t *add) { mbedtls_ccm_context ctx; uint8_t *output = NULL; size_t olen; mbedtls_ccm_init(&ctx); TEST_EQUAL(mbedtls_ccm_setkey(&ctx, cipher_id, key->x, key->len * 8), 0); TEST_EQUAL(0, mbedtls_ccm_starts(&ctx, mode, iv->x, iv->len)); // use hardcoded value for tag length. It is not a part of this test TEST_EQUAL(0, mbedtls_ccm_set_lengths(&ctx, add->len, msg->len, 16)); TEST_EQUAL(0, mbedtls_ccm_update_ad(&ctx, add->x, add->len)); ASSERT_ALLOC(output, msg->len); olen = 0xdeadbeef; TEST_EQUAL(0, mbedtls_ccm_update(&ctx, msg->x, msg->len - 1, output, msg->len, &olen)); mbedtls_free(output); output = NULL; ASSERT_ALLOC(output, 16); TEST_EQUAL(MBEDTLS_ERR_CCM_BAD_INPUT, mbedtls_ccm_finish(&ctx, output, 16)); exit: mbedtls_free(output); mbedtls_ccm_free(&ctx); } /* END_CASE */ /* Provide full plaintext/ciphertext of first update * Provide unexpected plaintext/ciphertext on second update */ /* BEGIN_CASE */ void mbedtls_ccm_full_update_and_overflow(int cipher_id, int mode, data_t *key, data_t *msg, data_t *iv, data_t *add) { mbedtls_ccm_context ctx; uint8_t *output = NULL; size_t olen; mbedtls_ccm_init(&ctx); TEST_EQUAL(mbedtls_ccm_setkey(&ctx, cipher_id, key->x, key->len * 8), 0); TEST_EQUAL(0, mbedtls_ccm_starts(&ctx, mode, iv->x, iv->len)); // use hardcoded value for tag length. It is a not a part of this test TEST_EQUAL(0, mbedtls_ccm_set_lengths(&ctx, add->len, msg->len, 16)); TEST_EQUAL(0, mbedtls_ccm_update_ad(&ctx, add->x, add->len)); ASSERT_ALLOC(output, msg->len); // pass full text TEST_EQUAL(0, mbedtls_ccm_update(&ctx, msg->x, msg->len, output, msg->len, &olen)); // pass 1 extra byte TEST_EQUAL(MBEDTLS_ERR_CCM_BAD_INPUT, \ mbedtls_ccm_update(&ctx, msg->x, 1, output, 1, &olen)); exit: mbedtls_free(output); mbedtls_ccm_free(&ctx); } /* END_CASE */ /* Provide incomplete plaintext/ciphertext of first update * Provide too much plaintext/ciphertext on second update */ /* BEGIN_CASE */ void mbedtls_ccm_incomplete_update_overflow(int cipher_id, int mode, data_t *key, data_t *msg, data_t *iv, data_t *add) { mbedtls_ccm_context ctx; uint8_t *output = NULL; size_t olen; uint8_t msg_second_buffer[2]; msg_second_buffer[0] = msg->x[msg->len - 1]; msg_second_buffer[1] = 0xAB; // some magic value mbedtls_ccm_init(&ctx); TEST_EQUAL(mbedtls_ccm_setkey(&ctx, cipher_id, key->x, key->len * 8), 0); TEST_EQUAL(0, mbedtls_ccm_starts(&ctx, mode, iv->x, iv->len)); // use hardcoded value for tag length. It is a not a part of this test TEST_EQUAL(0, mbedtls_ccm_set_lengths(&ctx, add->len, msg->len, 16)); TEST_EQUAL(0, mbedtls_ccm_update_ad(&ctx, add->x, add->len)); ASSERT_ALLOC(output, msg->len + 1); // pass incomplete text TEST_EQUAL(0, mbedtls_ccm_update(&ctx, msg->x, msg->len - 1, output, msg->len + 1, &olen)); // pass 2 extra bytes (1 missing byte from previous incomplete pass, and 1 unexpected byte) TEST_EQUAL(MBEDTLS_ERR_CCM_BAD_INPUT, \ mbedtls_ccm_update(&ctx, msg_second_buffer, 2, output + msg->len - 1, 2, &olen)); exit: mbedtls_free(output); mbedtls_ccm_free(&ctx); } /* END_CASE */ /* Finish without passing any auth data or plaintext/ciphertext input */ /* BEGIN_CASE */ void mbedtls_ccm_instant_finish(int cipher_id, int mode, data_t *key, data_t *iv) { mbedtls_ccm_context ctx; uint8_t *output = NULL; mbedtls_ccm_init(&ctx); TEST_EQUAL(mbedtls_ccm_setkey(&ctx, cipher_id, key->x, key->len * 8), 0); TEST_EQUAL(0, mbedtls_ccm_starts(&ctx, mode, iv->x, iv->len)); // use hardcoded values for add length, msg length and tag length. // They are not a part of this test TEST_EQUAL(0, mbedtls_ccm_set_lengths(&ctx, 16, 16, 16)); ASSERT_ALLOC(output, 16); TEST_EQUAL(MBEDTLS_ERR_CCM_BAD_INPUT, mbedtls_ccm_finish(&ctx, output, 16)); exit: mbedtls_free(output); mbedtls_ccm_free(&ctx); } /* END_CASE */