1a8e1175bSopenharmony_ci/* BEGIN_HEADER */ 2a8e1175bSopenharmony_ci#include "mbedtls/ccm.h" 3a8e1175bSopenharmony_ci 4a8e1175bSopenharmony_ci/* Use the multipart interface to process the encrypted data in two parts 5a8e1175bSopenharmony_ci * and check that the output matches the expected output. 6a8e1175bSopenharmony_ci * The context must have been set up with the key. */ 7a8e1175bSopenharmony_cistatic int check_multipart(mbedtls_ccm_context *ctx, 8a8e1175bSopenharmony_ci int mode, 9a8e1175bSopenharmony_ci const data_t *iv, 10a8e1175bSopenharmony_ci const data_t *add, 11a8e1175bSopenharmony_ci const data_t *input, 12a8e1175bSopenharmony_ci const data_t *expected_output, 13a8e1175bSopenharmony_ci const data_t *tag, 14a8e1175bSopenharmony_ci size_t n1, 15a8e1175bSopenharmony_ci size_t n1_add) 16a8e1175bSopenharmony_ci{ 17a8e1175bSopenharmony_ci int ok = 0; 18a8e1175bSopenharmony_ci uint8_t *output = NULL; 19a8e1175bSopenharmony_ci size_t n2 = input->len - n1; 20a8e1175bSopenharmony_ci size_t n2_add = add->len - n1_add; 21a8e1175bSopenharmony_ci size_t olen; 22a8e1175bSopenharmony_ci 23a8e1175bSopenharmony_ci /* Sanity checks on the test data */ 24a8e1175bSopenharmony_ci TEST_ASSERT(n1 <= input->len); 25a8e1175bSopenharmony_ci TEST_ASSERT(n1_add <= add->len); 26a8e1175bSopenharmony_ci TEST_EQUAL(input->len, expected_output->len); 27a8e1175bSopenharmony_ci TEST_EQUAL(0, mbedtls_ccm_starts(ctx, mode, iv->x, iv->len)); 28a8e1175bSopenharmony_ci TEST_EQUAL(0, mbedtls_ccm_set_lengths(ctx, add->len, input->len, tag->len)); 29a8e1175bSopenharmony_ci TEST_EQUAL(0, mbedtls_ccm_update_ad(ctx, add->x, n1_add)); 30a8e1175bSopenharmony_ci TEST_EQUAL(0, mbedtls_ccm_update_ad(ctx, add->x + n1_add, n2_add)); 31a8e1175bSopenharmony_ci 32a8e1175bSopenharmony_ci /* Allocate a tight buffer for each update call. This way, if the function 33a8e1175bSopenharmony_ci * tries to write beyond the advertised required buffer size, this will 34a8e1175bSopenharmony_ci * count as an overflow for memory sanitizers and static checkers. */ 35a8e1175bSopenharmony_ci TEST_CALLOC(output, n1); 36a8e1175bSopenharmony_ci olen = 0xdeadbeef; 37a8e1175bSopenharmony_ci TEST_EQUAL(0, mbedtls_ccm_update(ctx, input->x, n1, output, n1, &olen)); 38a8e1175bSopenharmony_ci TEST_EQUAL(n1, olen); 39a8e1175bSopenharmony_ci TEST_MEMORY_COMPARE(output, olen, expected_output->x, n1); 40a8e1175bSopenharmony_ci mbedtls_free(output); 41a8e1175bSopenharmony_ci output = NULL; 42a8e1175bSopenharmony_ci 43a8e1175bSopenharmony_ci TEST_CALLOC(output, n2); 44a8e1175bSopenharmony_ci olen = 0xdeadbeef; 45a8e1175bSopenharmony_ci TEST_EQUAL(0, mbedtls_ccm_update(ctx, input->x + n1, n2, output, n2, &olen)); 46a8e1175bSopenharmony_ci TEST_EQUAL(n2, olen); 47a8e1175bSopenharmony_ci TEST_MEMORY_COMPARE(output, olen, expected_output->x + n1, n2); 48a8e1175bSopenharmony_ci mbedtls_free(output); 49a8e1175bSopenharmony_ci output = NULL; 50a8e1175bSopenharmony_ci 51a8e1175bSopenharmony_ci TEST_CALLOC(output, tag->len); 52a8e1175bSopenharmony_ci TEST_EQUAL(0, mbedtls_ccm_finish(ctx, output, tag->len)); 53a8e1175bSopenharmony_ci TEST_MEMORY_COMPARE(output, tag->len, tag->x, tag->len); 54a8e1175bSopenharmony_ci mbedtls_free(output); 55a8e1175bSopenharmony_ci output = NULL; 56a8e1175bSopenharmony_ci 57a8e1175bSopenharmony_ci ok = 1; 58a8e1175bSopenharmony_ciexit: 59a8e1175bSopenharmony_ci mbedtls_free(output); 60a8e1175bSopenharmony_ci return ok; 61a8e1175bSopenharmony_ci} 62a8e1175bSopenharmony_ci/* END_HEADER */ 63a8e1175bSopenharmony_ci 64a8e1175bSopenharmony_ci/* BEGIN_DEPENDENCIES 65a8e1175bSopenharmony_ci * depends_on:MBEDTLS_CCM_C 66a8e1175bSopenharmony_ci * END_DEPENDENCIES 67a8e1175bSopenharmony_ci */ 68a8e1175bSopenharmony_ci 69a8e1175bSopenharmony_ci/* BEGIN_CASE depends_on:MBEDTLS_SELF_TEST:MBEDTLS_CCM_GCM_CAN_AES */ 70a8e1175bSopenharmony_civoid mbedtls_ccm_self_test() 71a8e1175bSopenharmony_ci{ 72a8e1175bSopenharmony_ci BLOCK_CIPHER_PSA_INIT(); 73a8e1175bSopenharmony_ci TEST_ASSERT(mbedtls_ccm_self_test(1) == 0); 74a8e1175bSopenharmony_ci BLOCK_CIPHER_PSA_DONE(); 75a8e1175bSopenharmony_ci} 76a8e1175bSopenharmony_ci/* END_CASE */ 77a8e1175bSopenharmony_ci 78a8e1175bSopenharmony_ci/* BEGIN_CASE */ 79a8e1175bSopenharmony_civoid mbedtls_ccm_setkey(int cipher_id, int key_size, int result) 80a8e1175bSopenharmony_ci{ 81a8e1175bSopenharmony_ci mbedtls_ccm_context ctx; 82a8e1175bSopenharmony_ci unsigned char key[32]; 83a8e1175bSopenharmony_ci int ret; 84a8e1175bSopenharmony_ci 85a8e1175bSopenharmony_ci BLOCK_CIPHER_PSA_INIT(); 86a8e1175bSopenharmony_ci mbedtls_ccm_init(&ctx); 87a8e1175bSopenharmony_ci 88a8e1175bSopenharmony_ci memset(key, 0x2A, sizeof(key)); 89a8e1175bSopenharmony_ci TEST_ASSERT((unsigned) key_size <= 8 * sizeof(key)); 90a8e1175bSopenharmony_ci 91a8e1175bSopenharmony_ci ret = mbedtls_ccm_setkey(&ctx, cipher_id, key, key_size); 92a8e1175bSopenharmony_ci TEST_ASSERT(ret == result); 93a8e1175bSopenharmony_ci 94a8e1175bSopenharmony_ciexit: 95a8e1175bSopenharmony_ci mbedtls_ccm_free(&ctx); 96a8e1175bSopenharmony_ci BLOCK_CIPHER_PSA_DONE(); 97a8e1175bSopenharmony_ci} 98a8e1175bSopenharmony_ci/* END_CASE */ 99a8e1175bSopenharmony_ci 100a8e1175bSopenharmony_ci/* BEGIN_CASE depends_on:MBEDTLS_CCM_GCM_CAN_AES */ 101a8e1175bSopenharmony_civoid ccm_lengths(int msg_len, int iv_len, int add_len, int tag_len, int res) 102a8e1175bSopenharmony_ci{ 103a8e1175bSopenharmony_ci mbedtls_ccm_context ctx; 104a8e1175bSopenharmony_ci unsigned char key[16]; 105a8e1175bSopenharmony_ci unsigned char msg[10]; 106a8e1175bSopenharmony_ci unsigned char iv[14]; 107a8e1175bSopenharmony_ci unsigned char *add = NULL; 108a8e1175bSopenharmony_ci unsigned char out[10]; 109a8e1175bSopenharmony_ci unsigned char tag[18]; 110a8e1175bSopenharmony_ci int decrypt_ret; 111a8e1175bSopenharmony_ci 112a8e1175bSopenharmony_ci BLOCK_CIPHER_PSA_INIT(); 113a8e1175bSopenharmony_ci mbedtls_ccm_init(&ctx); 114a8e1175bSopenharmony_ci 115a8e1175bSopenharmony_ci TEST_CALLOC_OR_SKIP(add, add_len); 116a8e1175bSopenharmony_ci memset(key, 0, sizeof(key)); 117a8e1175bSopenharmony_ci memset(msg, 0, sizeof(msg)); 118a8e1175bSopenharmony_ci memset(iv, 0, sizeof(iv)); 119a8e1175bSopenharmony_ci memset(out, 0, sizeof(out)); 120a8e1175bSopenharmony_ci memset(tag, 0, sizeof(tag)); 121a8e1175bSopenharmony_ci 122a8e1175bSopenharmony_ci TEST_ASSERT(mbedtls_ccm_setkey(&ctx, MBEDTLS_CIPHER_ID_AES, 123a8e1175bSopenharmony_ci key, 8 * sizeof(key)) == 0); 124a8e1175bSopenharmony_ci 125a8e1175bSopenharmony_ci TEST_ASSERT(mbedtls_ccm_encrypt_and_tag(&ctx, msg_len, iv, iv_len, add, add_len, 126a8e1175bSopenharmony_ci msg, out, tag, tag_len) == res); 127a8e1175bSopenharmony_ci 128a8e1175bSopenharmony_ci decrypt_ret = mbedtls_ccm_auth_decrypt(&ctx, msg_len, iv, iv_len, add, add_len, 129a8e1175bSopenharmony_ci msg, out, tag, tag_len); 130a8e1175bSopenharmony_ci 131a8e1175bSopenharmony_ci if (res == 0) { 132a8e1175bSopenharmony_ci TEST_ASSERT(decrypt_ret == MBEDTLS_ERR_CCM_AUTH_FAILED); 133a8e1175bSopenharmony_ci } else { 134a8e1175bSopenharmony_ci TEST_ASSERT(decrypt_ret == res); 135a8e1175bSopenharmony_ci } 136a8e1175bSopenharmony_ci 137a8e1175bSopenharmony_ciexit: 138a8e1175bSopenharmony_ci mbedtls_free(add); 139a8e1175bSopenharmony_ci mbedtls_ccm_free(&ctx); 140a8e1175bSopenharmony_ci BLOCK_CIPHER_PSA_DONE(); 141a8e1175bSopenharmony_ci} 142a8e1175bSopenharmony_ci/* END_CASE */ 143a8e1175bSopenharmony_ci 144a8e1175bSopenharmony_ci/* BEGIN_CASE depends_on:MBEDTLS_CCM_GCM_CAN_AES */ 145a8e1175bSopenharmony_civoid ccm_star_lengths(int msg_len, int iv_len, int add_len, int tag_len, 146a8e1175bSopenharmony_ci int res) 147a8e1175bSopenharmony_ci{ 148a8e1175bSopenharmony_ci mbedtls_ccm_context ctx; 149a8e1175bSopenharmony_ci unsigned char key[16]; 150a8e1175bSopenharmony_ci unsigned char msg[10]; 151a8e1175bSopenharmony_ci unsigned char iv[14]; 152a8e1175bSopenharmony_ci unsigned char add[10]; 153a8e1175bSopenharmony_ci unsigned char out[10]; 154a8e1175bSopenharmony_ci unsigned char tag[18]; 155a8e1175bSopenharmony_ci int decrypt_ret; 156a8e1175bSopenharmony_ci 157a8e1175bSopenharmony_ci BLOCK_CIPHER_PSA_INIT(); 158a8e1175bSopenharmony_ci mbedtls_ccm_init(&ctx); 159a8e1175bSopenharmony_ci 160a8e1175bSopenharmony_ci memset(key, 0, sizeof(key)); 161a8e1175bSopenharmony_ci memset(msg, 0, sizeof(msg)); 162a8e1175bSopenharmony_ci memset(iv, 0, sizeof(iv)); 163a8e1175bSopenharmony_ci memset(add, 0, sizeof(add)); 164a8e1175bSopenharmony_ci memset(out, 0, sizeof(out)); 165a8e1175bSopenharmony_ci memset(tag, 0, sizeof(tag)); 166a8e1175bSopenharmony_ci 167a8e1175bSopenharmony_ci TEST_ASSERT(mbedtls_ccm_setkey(&ctx, MBEDTLS_CIPHER_ID_AES, 168a8e1175bSopenharmony_ci key, 8 * sizeof(key)) == 0); 169a8e1175bSopenharmony_ci 170a8e1175bSopenharmony_ci TEST_ASSERT(mbedtls_ccm_star_encrypt_and_tag(&ctx, msg_len, iv, iv_len, 171a8e1175bSopenharmony_ci add, add_len, msg, out, tag, tag_len) == res); 172a8e1175bSopenharmony_ci 173a8e1175bSopenharmony_ci decrypt_ret = mbedtls_ccm_star_auth_decrypt(&ctx, msg_len, iv, iv_len, add, 174a8e1175bSopenharmony_ci add_len, msg, out, tag, tag_len); 175a8e1175bSopenharmony_ci 176a8e1175bSopenharmony_ci if (res == 0 && tag_len != 0) { 177a8e1175bSopenharmony_ci TEST_ASSERT(decrypt_ret == MBEDTLS_ERR_CCM_AUTH_FAILED); 178a8e1175bSopenharmony_ci } else { 179a8e1175bSopenharmony_ci TEST_ASSERT(decrypt_ret == res); 180a8e1175bSopenharmony_ci } 181a8e1175bSopenharmony_ci 182a8e1175bSopenharmony_ciexit: 183a8e1175bSopenharmony_ci mbedtls_ccm_free(&ctx); 184a8e1175bSopenharmony_ci BLOCK_CIPHER_PSA_DONE(); 185a8e1175bSopenharmony_ci} 186a8e1175bSopenharmony_ci/* END_CASE */ 187a8e1175bSopenharmony_ci 188a8e1175bSopenharmony_ci/* BEGIN_CASE */ 189a8e1175bSopenharmony_civoid mbedtls_ccm_encrypt_and_tag(int cipher_id, data_t *key, 190a8e1175bSopenharmony_ci data_t *msg, data_t *iv, 191a8e1175bSopenharmony_ci data_t *add, data_t *result) 192a8e1175bSopenharmony_ci{ 193a8e1175bSopenharmony_ci mbedtls_ccm_context ctx; 194a8e1175bSopenharmony_ci size_t n1, n1_add; 195a8e1175bSopenharmony_ci uint8_t *io_msg_buf = NULL; 196a8e1175bSopenharmony_ci uint8_t *tag_buf = NULL; 197a8e1175bSopenharmony_ci const size_t expected_tag_len = result->len - msg->len; 198a8e1175bSopenharmony_ci const uint8_t *expected_tag = result->x + msg->len; 199a8e1175bSopenharmony_ci 200a8e1175bSopenharmony_ci /* Prepare input/output message buffer */ 201a8e1175bSopenharmony_ci TEST_CALLOC(io_msg_buf, msg->len); 202a8e1175bSopenharmony_ci if (msg->len != 0) { 203a8e1175bSopenharmony_ci memcpy(io_msg_buf, msg->x, msg->len); 204a8e1175bSopenharmony_ci } 205a8e1175bSopenharmony_ci 206a8e1175bSopenharmony_ci /* Prepare tag buffer */ 207a8e1175bSopenharmony_ci TEST_CALLOC(tag_buf, expected_tag_len); 208a8e1175bSopenharmony_ci 209a8e1175bSopenharmony_ci BLOCK_CIPHER_PSA_INIT(); 210a8e1175bSopenharmony_ci mbedtls_ccm_init(&ctx); 211a8e1175bSopenharmony_ci TEST_EQUAL(mbedtls_ccm_setkey(&ctx, cipher_id, key->x, key->len * 8), 0); 212a8e1175bSopenharmony_ci /* Test with input == output */ 213a8e1175bSopenharmony_ci TEST_EQUAL(mbedtls_ccm_encrypt_and_tag(&ctx, msg->len, iv->x, iv->len, add->x, add->len, 214a8e1175bSopenharmony_ci io_msg_buf, io_msg_buf, tag_buf, expected_tag_len), 0); 215a8e1175bSopenharmony_ci 216a8e1175bSopenharmony_ci TEST_MEMORY_COMPARE(io_msg_buf, msg->len, result->x, msg->len); 217a8e1175bSopenharmony_ci TEST_MEMORY_COMPARE(tag_buf, expected_tag_len, expected_tag, expected_tag_len); 218a8e1175bSopenharmony_ci 219a8e1175bSopenharmony_ci /* Prepare data_t structures for multipart testing */ 220a8e1175bSopenharmony_ci const data_t encrypted_expected = { .x = result->x, 221a8e1175bSopenharmony_ci .len = msg->len }; 222a8e1175bSopenharmony_ci const data_t tag_expected = { .x = (uint8_t *) expected_tag, /* cast to conform with data_t x type */ 223a8e1175bSopenharmony_ci .len = expected_tag_len }; 224a8e1175bSopenharmony_ci 225a8e1175bSopenharmony_ci for (n1 = 0; n1 <= msg->len; n1 += 1) { 226a8e1175bSopenharmony_ci for (n1_add = 0; n1_add <= add->len; n1_add += 1) { 227a8e1175bSopenharmony_ci mbedtls_test_set_step(n1 * 10000 + n1_add); 228a8e1175bSopenharmony_ci if (!check_multipart(&ctx, MBEDTLS_CCM_ENCRYPT, 229a8e1175bSopenharmony_ci iv, add, msg, 230a8e1175bSopenharmony_ci &encrypted_expected, 231a8e1175bSopenharmony_ci &tag_expected, 232a8e1175bSopenharmony_ci n1, n1_add)) { 233a8e1175bSopenharmony_ci goto exit; 234a8e1175bSopenharmony_ci } 235a8e1175bSopenharmony_ci } 236a8e1175bSopenharmony_ci } 237a8e1175bSopenharmony_ci 238a8e1175bSopenharmony_ciexit: 239a8e1175bSopenharmony_ci mbedtls_ccm_free(&ctx); 240a8e1175bSopenharmony_ci mbedtls_free(io_msg_buf); 241a8e1175bSopenharmony_ci mbedtls_free(tag_buf); 242a8e1175bSopenharmony_ci BLOCK_CIPHER_PSA_DONE(); 243a8e1175bSopenharmony_ci} 244a8e1175bSopenharmony_ci/* END_CASE */ 245a8e1175bSopenharmony_ci 246a8e1175bSopenharmony_ci/* BEGIN_CASE */ 247a8e1175bSopenharmony_civoid mbedtls_ccm_star_no_tag(int cipher_id, int mode, data_t *key, 248a8e1175bSopenharmony_ci data_t *msg, data_t *iv, data_t *result) 249a8e1175bSopenharmony_ci{ 250a8e1175bSopenharmony_ci mbedtls_ccm_context ctx; 251a8e1175bSopenharmony_ci uint8_t *output = NULL; 252a8e1175bSopenharmony_ci size_t olen; 253a8e1175bSopenharmony_ci 254a8e1175bSopenharmony_ci BLOCK_CIPHER_PSA_INIT(); 255a8e1175bSopenharmony_ci mbedtls_ccm_init(&ctx); 256a8e1175bSopenharmony_ci TEST_EQUAL(mbedtls_ccm_setkey(&ctx, cipher_id, key->x, key->len * 8), 0); 257a8e1175bSopenharmony_ci TEST_EQUAL(0, mbedtls_ccm_starts(&ctx, mode, iv->x, iv->len)); 258a8e1175bSopenharmony_ci TEST_EQUAL(0, mbedtls_ccm_set_lengths(&ctx, 0, msg->len, 0)); 259a8e1175bSopenharmony_ci 260a8e1175bSopenharmony_ci TEST_CALLOC(output, msg->len); 261a8e1175bSopenharmony_ci TEST_EQUAL(0, mbedtls_ccm_update(&ctx, msg->x, msg->len, output, msg->len, &olen)); 262a8e1175bSopenharmony_ci TEST_EQUAL(result->len, olen); 263a8e1175bSopenharmony_ci TEST_MEMORY_COMPARE(output, olen, result->x, result->len); 264a8e1175bSopenharmony_ci 265a8e1175bSopenharmony_ci TEST_EQUAL(0, mbedtls_ccm_finish(&ctx, NULL, 0)); 266a8e1175bSopenharmony_ciexit: 267a8e1175bSopenharmony_ci mbedtls_free(output); 268a8e1175bSopenharmony_ci mbedtls_ccm_free(&ctx); 269a8e1175bSopenharmony_ci BLOCK_CIPHER_PSA_DONE(); 270a8e1175bSopenharmony_ci} 271a8e1175bSopenharmony_ci/* END_CASE */ 272a8e1175bSopenharmony_ci 273a8e1175bSopenharmony_ci/* BEGIN_CASE */ 274a8e1175bSopenharmony_civoid mbedtls_ccm_auth_decrypt(int cipher_id, data_t *key, 275a8e1175bSopenharmony_ci data_t *msg, data_t *iv, 276a8e1175bSopenharmony_ci data_t *add, int expected_tag_len, int result, 277a8e1175bSopenharmony_ci data_t *expected_msg) 278a8e1175bSopenharmony_ci{ 279a8e1175bSopenharmony_ci mbedtls_ccm_context ctx; 280a8e1175bSopenharmony_ci size_t n1, n1_add; 281a8e1175bSopenharmony_ci 282a8e1175bSopenharmony_ci const size_t expected_msg_len = msg->len - expected_tag_len; 283a8e1175bSopenharmony_ci const uint8_t *expected_tag = msg->x + expected_msg_len; 284a8e1175bSopenharmony_ci 285a8e1175bSopenharmony_ci /* Prepare input/output message buffer */ 286a8e1175bSopenharmony_ci uint8_t *io_msg_buf = NULL; 287a8e1175bSopenharmony_ci TEST_CALLOC(io_msg_buf, expected_msg_len); 288a8e1175bSopenharmony_ci if (expected_msg_len) { 289a8e1175bSopenharmony_ci memcpy(io_msg_buf, msg->x, expected_msg_len); 290a8e1175bSopenharmony_ci } 291a8e1175bSopenharmony_ci 292a8e1175bSopenharmony_ci BLOCK_CIPHER_PSA_INIT(); 293a8e1175bSopenharmony_ci mbedtls_ccm_init(&ctx); 294a8e1175bSopenharmony_ci TEST_EQUAL(mbedtls_ccm_setkey(&ctx, cipher_id, key->x, key->len * 8), 0); 295a8e1175bSopenharmony_ci /* Test with input == output */ 296a8e1175bSopenharmony_ci TEST_EQUAL(mbedtls_ccm_auth_decrypt(&ctx, expected_msg_len, iv->x, iv->len, add->x, add->len, 297a8e1175bSopenharmony_ci io_msg_buf, io_msg_buf, expected_tag, expected_tag_len), 298a8e1175bSopenharmony_ci result); 299a8e1175bSopenharmony_ci 300a8e1175bSopenharmony_ci if (result == 0) { 301a8e1175bSopenharmony_ci TEST_MEMORY_COMPARE(io_msg_buf, expected_msg_len, expected_msg->x, expected_msg_len); 302a8e1175bSopenharmony_ci 303a8e1175bSopenharmony_ci /* Prepare data_t structures for multipart testing */ 304a8e1175bSopenharmony_ci const data_t encrypted = { .x = msg->x, 305a8e1175bSopenharmony_ci .len = expected_msg_len }; 306a8e1175bSopenharmony_ci 307a8e1175bSopenharmony_ci const data_t tag_expected = { .x = (uint8_t *) expected_tag, 308a8e1175bSopenharmony_ci .len = expected_tag_len }; 309a8e1175bSopenharmony_ci 310a8e1175bSopenharmony_ci for (n1 = 0; n1 <= expected_msg_len; n1 += 1) { 311a8e1175bSopenharmony_ci for (n1_add = 0; n1_add <= add->len; n1_add += 1) { 312a8e1175bSopenharmony_ci mbedtls_test_set_step(n1 * 10000 + n1_add); 313a8e1175bSopenharmony_ci if (!check_multipart(&ctx, MBEDTLS_CCM_DECRYPT, 314a8e1175bSopenharmony_ci iv, add, &encrypted, 315a8e1175bSopenharmony_ci expected_msg, 316a8e1175bSopenharmony_ci &tag_expected, 317a8e1175bSopenharmony_ci n1, n1_add)) { 318a8e1175bSopenharmony_ci goto exit; 319a8e1175bSopenharmony_ci } 320a8e1175bSopenharmony_ci } 321a8e1175bSopenharmony_ci } 322a8e1175bSopenharmony_ci } else { 323a8e1175bSopenharmony_ci size_t i; 324a8e1175bSopenharmony_ci 325a8e1175bSopenharmony_ci for (i = 0; i < expected_msg_len; i++) { 326a8e1175bSopenharmony_ci TEST_EQUAL(io_msg_buf[i], 0); 327a8e1175bSopenharmony_ci } 328a8e1175bSopenharmony_ci } 329a8e1175bSopenharmony_ci 330a8e1175bSopenharmony_ciexit: 331a8e1175bSopenharmony_ci mbedtls_free(io_msg_buf); 332a8e1175bSopenharmony_ci mbedtls_ccm_free(&ctx); 333a8e1175bSopenharmony_ci BLOCK_CIPHER_PSA_DONE(); 334a8e1175bSopenharmony_ci} 335a8e1175bSopenharmony_ci/* END_CASE */ 336a8e1175bSopenharmony_ci 337a8e1175bSopenharmony_ci/* BEGIN_CASE */ 338a8e1175bSopenharmony_civoid mbedtls_ccm_star_encrypt_and_tag(int cipher_id, 339a8e1175bSopenharmony_ci data_t *key, data_t *msg, 340a8e1175bSopenharmony_ci data_t *source_address, data_t *frame_counter, 341a8e1175bSopenharmony_ci int sec_level, data_t *add, 342a8e1175bSopenharmony_ci data_t *expected_result, int output_ret) 343a8e1175bSopenharmony_ci{ 344a8e1175bSopenharmony_ci unsigned char iv[13]; 345a8e1175bSopenharmony_ci mbedtls_ccm_context ctx; 346a8e1175bSopenharmony_ci size_t iv_len, expected_tag_len; 347a8e1175bSopenharmony_ci size_t n1, n1_add; 348a8e1175bSopenharmony_ci uint8_t *io_msg_buf = NULL; 349a8e1175bSopenharmony_ci uint8_t *tag_buf = NULL; 350a8e1175bSopenharmony_ci 351a8e1175bSopenharmony_ci const uint8_t *expected_tag = expected_result->x + msg->len; 352a8e1175bSopenharmony_ci 353a8e1175bSopenharmony_ci /* Calculate tag length */ 354a8e1175bSopenharmony_ci if (sec_level % 4 == 0) { 355a8e1175bSopenharmony_ci expected_tag_len = 0; 356a8e1175bSopenharmony_ci } else { 357a8e1175bSopenharmony_ci expected_tag_len = 1 << (sec_level % 4 + 1); 358a8e1175bSopenharmony_ci } 359a8e1175bSopenharmony_ci 360a8e1175bSopenharmony_ci /* Prepare input/output message buffer */ 361a8e1175bSopenharmony_ci TEST_CALLOC(io_msg_buf, msg->len); 362a8e1175bSopenharmony_ci if (msg->len) { 363a8e1175bSopenharmony_ci memcpy(io_msg_buf, msg->x, msg->len); 364a8e1175bSopenharmony_ci } 365a8e1175bSopenharmony_ci 366a8e1175bSopenharmony_ci /* Prepare tag buffer */ 367a8e1175bSopenharmony_ci if (expected_tag_len == 0) { 368a8e1175bSopenharmony_ci TEST_CALLOC(tag_buf, 16); 369a8e1175bSopenharmony_ci } else { 370a8e1175bSopenharmony_ci TEST_CALLOC(tag_buf, expected_tag_len); 371a8e1175bSopenharmony_ci } 372a8e1175bSopenharmony_ci 373a8e1175bSopenharmony_ci /* Calculate iv */ 374a8e1175bSopenharmony_ci TEST_ASSERT(source_address->len == 8); 375a8e1175bSopenharmony_ci TEST_ASSERT(frame_counter->len == 4); 376a8e1175bSopenharmony_ci memcpy(iv, source_address->x, source_address->len); 377a8e1175bSopenharmony_ci memcpy(iv + source_address->len, frame_counter->x, frame_counter->len); 378a8e1175bSopenharmony_ci iv[source_address->len + frame_counter->len] = sec_level; 379a8e1175bSopenharmony_ci iv_len = sizeof(iv); 380a8e1175bSopenharmony_ci 381a8e1175bSopenharmony_ci BLOCK_CIPHER_PSA_INIT(); 382a8e1175bSopenharmony_ci mbedtls_ccm_init(&ctx); 383a8e1175bSopenharmony_ci TEST_EQUAL(mbedtls_ccm_setkey(&ctx, cipher_id, 384a8e1175bSopenharmony_ci key->x, key->len * 8), 0); 385a8e1175bSopenharmony_ci /* Test with input == output */ 386a8e1175bSopenharmony_ci TEST_EQUAL(mbedtls_ccm_star_encrypt_and_tag(&ctx, msg->len, iv, iv_len, 387a8e1175bSopenharmony_ci add->x, add->len, io_msg_buf, 388a8e1175bSopenharmony_ci io_msg_buf, tag_buf, expected_tag_len), output_ret); 389a8e1175bSopenharmony_ci 390a8e1175bSopenharmony_ci TEST_MEMORY_COMPARE(io_msg_buf, msg->len, expected_result->x, msg->len); 391a8e1175bSopenharmony_ci TEST_MEMORY_COMPARE(tag_buf, expected_tag_len, expected_tag, expected_tag_len); 392a8e1175bSopenharmony_ci 393a8e1175bSopenharmony_ci if (output_ret == 0) { 394a8e1175bSopenharmony_ci const data_t iv_data = { .x = iv, 395a8e1175bSopenharmony_ci .len = iv_len }; 396a8e1175bSopenharmony_ci 397a8e1175bSopenharmony_ci const data_t encrypted_expected = { .x = expected_result->x, 398a8e1175bSopenharmony_ci .len = msg->len }; 399a8e1175bSopenharmony_ci const data_t tag_expected = { .x = (uint8_t *) expected_tag, 400a8e1175bSopenharmony_ci .len = expected_tag_len }; 401a8e1175bSopenharmony_ci 402a8e1175bSopenharmony_ci for (n1 = 0; n1 <= msg->len; n1 += 1) { 403a8e1175bSopenharmony_ci for (n1_add = 0; n1_add <= add->len; n1_add += 1) { 404a8e1175bSopenharmony_ci mbedtls_test_set_step(n1 * 10000 + n1_add); 405a8e1175bSopenharmony_ci if (!check_multipart(&ctx, MBEDTLS_CCM_STAR_ENCRYPT, 406a8e1175bSopenharmony_ci &iv_data, add, msg, 407a8e1175bSopenharmony_ci &encrypted_expected, 408a8e1175bSopenharmony_ci &tag_expected, 409a8e1175bSopenharmony_ci n1, n1_add)) { 410a8e1175bSopenharmony_ci goto exit; 411a8e1175bSopenharmony_ci } 412a8e1175bSopenharmony_ci } 413a8e1175bSopenharmony_ci } 414a8e1175bSopenharmony_ci } 415a8e1175bSopenharmony_ci 416a8e1175bSopenharmony_ciexit: 417a8e1175bSopenharmony_ci mbedtls_ccm_free(&ctx); 418a8e1175bSopenharmony_ci mbedtls_free(io_msg_buf); 419a8e1175bSopenharmony_ci mbedtls_free(tag_buf); 420a8e1175bSopenharmony_ci BLOCK_CIPHER_PSA_DONE(); 421a8e1175bSopenharmony_ci} 422a8e1175bSopenharmony_ci/* END_CASE */ 423a8e1175bSopenharmony_ci 424a8e1175bSopenharmony_ci/* BEGIN_CASE */ 425a8e1175bSopenharmony_civoid mbedtls_ccm_star_auth_decrypt(int cipher_id, 426a8e1175bSopenharmony_ci data_t *key, data_t *msg, 427a8e1175bSopenharmony_ci data_t *source_address, data_t *frame_counter, 428a8e1175bSopenharmony_ci int sec_level, data_t *add, 429a8e1175bSopenharmony_ci data_t *expected_result, int output_ret) 430a8e1175bSopenharmony_ci{ 431a8e1175bSopenharmony_ci unsigned char iv[13]; 432a8e1175bSopenharmony_ci mbedtls_ccm_context ctx; 433a8e1175bSopenharmony_ci size_t iv_len, expected_tag_len; 434a8e1175bSopenharmony_ci size_t n1, n1_add; 435a8e1175bSopenharmony_ci 436a8e1175bSopenharmony_ci /* Calculate tag length */ 437a8e1175bSopenharmony_ci if (sec_level % 4 == 0) { 438a8e1175bSopenharmony_ci expected_tag_len = 0; 439a8e1175bSopenharmony_ci } else { 440a8e1175bSopenharmony_ci expected_tag_len = 1 << (sec_level % 4 + 1); 441a8e1175bSopenharmony_ci } 442a8e1175bSopenharmony_ci 443a8e1175bSopenharmony_ci const size_t expected_msg_len = msg->len - expected_tag_len; 444a8e1175bSopenharmony_ci const uint8_t *expected_tag = msg->x + expected_msg_len; 445a8e1175bSopenharmony_ci 446a8e1175bSopenharmony_ci /* Prepare input/output message buffer */ 447a8e1175bSopenharmony_ci uint8_t *io_msg_buf = NULL; 448a8e1175bSopenharmony_ci TEST_CALLOC(io_msg_buf, expected_msg_len); 449a8e1175bSopenharmony_ci if (expected_msg_len) { 450a8e1175bSopenharmony_ci memcpy(io_msg_buf, msg->x, expected_msg_len); 451a8e1175bSopenharmony_ci } 452a8e1175bSopenharmony_ci 453a8e1175bSopenharmony_ci /* Calculate iv */ 454a8e1175bSopenharmony_ci memset(iv, 0x00, sizeof(iv)); 455a8e1175bSopenharmony_ci TEST_ASSERT(source_address->len == 8); 456a8e1175bSopenharmony_ci TEST_ASSERT(frame_counter->len == 4); 457a8e1175bSopenharmony_ci memcpy(iv, source_address->x, source_address->len); 458a8e1175bSopenharmony_ci memcpy(iv + source_address->len, frame_counter->x, frame_counter->len); 459a8e1175bSopenharmony_ci iv[source_address->len + frame_counter->len] = sec_level; 460a8e1175bSopenharmony_ci iv_len = sizeof(iv); 461a8e1175bSopenharmony_ci 462a8e1175bSopenharmony_ci BLOCK_CIPHER_PSA_INIT(); 463a8e1175bSopenharmony_ci mbedtls_ccm_init(&ctx); 464a8e1175bSopenharmony_ci TEST_ASSERT(mbedtls_ccm_setkey(&ctx, cipher_id, key->x, key->len * 8) == 0); 465a8e1175bSopenharmony_ci /* Test with input == output */ 466a8e1175bSopenharmony_ci TEST_EQUAL(mbedtls_ccm_star_auth_decrypt(&ctx, expected_msg_len, iv, iv_len, 467a8e1175bSopenharmony_ci add->x, add->len, io_msg_buf, io_msg_buf, 468a8e1175bSopenharmony_ci expected_tag, expected_tag_len), output_ret); 469a8e1175bSopenharmony_ci 470a8e1175bSopenharmony_ci TEST_MEMORY_COMPARE(io_msg_buf, expected_msg_len, expected_result->x, expected_msg_len); 471a8e1175bSopenharmony_ci 472a8e1175bSopenharmony_ci if (output_ret == 0) { 473a8e1175bSopenharmony_ci const data_t iv_data = { .x = iv, 474a8e1175bSopenharmony_ci .len = iv_len }; 475a8e1175bSopenharmony_ci 476a8e1175bSopenharmony_ci const data_t encrypted = { .x = msg->x, 477a8e1175bSopenharmony_ci .len = expected_msg_len }; 478a8e1175bSopenharmony_ci 479a8e1175bSopenharmony_ci const data_t tag_expected = { .x = (uint8_t *) expected_tag, 480a8e1175bSopenharmony_ci .len = expected_tag_len }; 481a8e1175bSopenharmony_ci 482a8e1175bSopenharmony_ci for (n1 = 0; n1 <= expected_msg_len; n1 += 1) { 483a8e1175bSopenharmony_ci for (n1_add = 0; n1_add <= add->len; n1_add += 1) { 484a8e1175bSopenharmony_ci mbedtls_test_set_step(n1 * 10000 + n1_add); 485a8e1175bSopenharmony_ci if (!check_multipart(&ctx, MBEDTLS_CCM_STAR_DECRYPT, 486a8e1175bSopenharmony_ci &iv_data, add, &encrypted, 487a8e1175bSopenharmony_ci expected_result, 488a8e1175bSopenharmony_ci &tag_expected, 489a8e1175bSopenharmony_ci n1, n1_add)) { 490a8e1175bSopenharmony_ci goto exit; 491a8e1175bSopenharmony_ci } 492a8e1175bSopenharmony_ci } 493a8e1175bSopenharmony_ci } 494a8e1175bSopenharmony_ci } 495a8e1175bSopenharmony_ci 496a8e1175bSopenharmony_ciexit: 497a8e1175bSopenharmony_ci mbedtls_ccm_free(&ctx); 498a8e1175bSopenharmony_ci mbedtls_free(io_msg_buf); 499a8e1175bSopenharmony_ci BLOCK_CIPHER_PSA_DONE(); 500a8e1175bSopenharmony_ci} 501a8e1175bSopenharmony_ci/* END_CASE */ 502a8e1175bSopenharmony_ci 503a8e1175bSopenharmony_ci/* Skip auth data, provide full text */ 504a8e1175bSopenharmony_ci/* BEGIN_CASE */ 505a8e1175bSopenharmony_civoid mbedtls_ccm_skip_ad(int cipher_id, int mode, 506a8e1175bSopenharmony_ci data_t *key, data_t *msg, data_t *iv, 507a8e1175bSopenharmony_ci data_t *result, data_t *tag) 508a8e1175bSopenharmony_ci{ 509a8e1175bSopenharmony_ci mbedtls_ccm_context ctx; 510a8e1175bSopenharmony_ci uint8_t *output = NULL; 511a8e1175bSopenharmony_ci size_t olen; 512a8e1175bSopenharmony_ci 513a8e1175bSopenharmony_ci /* Sanity checks on the test data */ 514a8e1175bSopenharmony_ci TEST_EQUAL(msg->len, result->len); 515a8e1175bSopenharmony_ci 516a8e1175bSopenharmony_ci BLOCK_CIPHER_PSA_INIT(); 517a8e1175bSopenharmony_ci mbedtls_ccm_init(&ctx); 518a8e1175bSopenharmony_ci TEST_EQUAL(mbedtls_ccm_setkey(&ctx, cipher_id, key->x, key->len * 8), 0); 519a8e1175bSopenharmony_ci TEST_EQUAL(0, mbedtls_ccm_starts(&ctx, mode, iv->x, iv->len)); 520a8e1175bSopenharmony_ci TEST_EQUAL(0, mbedtls_ccm_set_lengths(&ctx, 0, msg->len, tag->len)); 521a8e1175bSopenharmony_ci 522a8e1175bSopenharmony_ci TEST_CALLOC(output, result->len); 523a8e1175bSopenharmony_ci olen = 0xdeadbeef; 524a8e1175bSopenharmony_ci TEST_EQUAL(0, mbedtls_ccm_update(&ctx, msg->x, msg->len, output, result->len, &olen)); 525a8e1175bSopenharmony_ci TEST_EQUAL(result->len, olen); 526a8e1175bSopenharmony_ci TEST_MEMORY_COMPARE(output, olen, result->x, result->len); 527a8e1175bSopenharmony_ci mbedtls_free(output); 528a8e1175bSopenharmony_ci output = NULL; 529a8e1175bSopenharmony_ci 530a8e1175bSopenharmony_ci TEST_CALLOC(output, tag->len); 531a8e1175bSopenharmony_ci TEST_EQUAL(0, mbedtls_ccm_finish(&ctx, output, tag->len)); 532a8e1175bSopenharmony_ci TEST_MEMORY_COMPARE(output, tag->len, tag->x, tag->len); 533a8e1175bSopenharmony_ci mbedtls_free(output); 534a8e1175bSopenharmony_ci output = NULL; 535a8e1175bSopenharmony_ci 536a8e1175bSopenharmony_ciexit: 537a8e1175bSopenharmony_ci mbedtls_free(output); 538a8e1175bSopenharmony_ci mbedtls_ccm_free(&ctx); 539a8e1175bSopenharmony_ci BLOCK_CIPHER_PSA_DONE(); 540a8e1175bSopenharmony_ci} 541a8e1175bSopenharmony_ci/* END_CASE */ 542a8e1175bSopenharmony_ci 543a8e1175bSopenharmony_ci/* Provide auth data, skip full text */ 544a8e1175bSopenharmony_ci/* BEGIN_CASE */ 545a8e1175bSopenharmony_civoid mbedtls_ccm_skip_update(int cipher_id, int mode, 546a8e1175bSopenharmony_ci data_t *key, data_t *iv, data_t *add, 547a8e1175bSopenharmony_ci data_t *tag) 548a8e1175bSopenharmony_ci{ 549a8e1175bSopenharmony_ci mbedtls_ccm_context ctx; 550a8e1175bSopenharmony_ci uint8_t *output = NULL; 551a8e1175bSopenharmony_ci 552a8e1175bSopenharmony_ci BLOCK_CIPHER_PSA_INIT(); 553a8e1175bSopenharmony_ci mbedtls_ccm_init(&ctx); 554a8e1175bSopenharmony_ci TEST_EQUAL(mbedtls_ccm_setkey(&ctx, cipher_id, key->x, key->len * 8), 0); 555a8e1175bSopenharmony_ci TEST_EQUAL(0, mbedtls_ccm_starts(&ctx, mode, iv->x, iv->len)); 556a8e1175bSopenharmony_ci TEST_EQUAL(0, mbedtls_ccm_set_lengths(&ctx, add->len, 0, tag->len)); 557a8e1175bSopenharmony_ci 558a8e1175bSopenharmony_ci TEST_EQUAL(0, mbedtls_ccm_update_ad(&ctx, add->x, add->len)); 559a8e1175bSopenharmony_ci 560a8e1175bSopenharmony_ci TEST_CALLOC(output, tag->len); 561a8e1175bSopenharmony_ci TEST_EQUAL(0, mbedtls_ccm_finish(&ctx, output, tag->len)); 562a8e1175bSopenharmony_ci TEST_MEMORY_COMPARE(output, tag->len, tag->x, tag->len); 563a8e1175bSopenharmony_ci mbedtls_free(output); 564a8e1175bSopenharmony_ci output = NULL; 565a8e1175bSopenharmony_ci 566a8e1175bSopenharmony_ciexit: 567a8e1175bSopenharmony_ci mbedtls_free(output); 568a8e1175bSopenharmony_ci mbedtls_ccm_free(&ctx); 569a8e1175bSopenharmony_ci BLOCK_CIPHER_PSA_DONE(); 570a8e1175bSopenharmony_ci} 571a8e1175bSopenharmony_ci/* END_CASE */ 572a8e1175bSopenharmony_ci 573a8e1175bSopenharmony_ci/* Provide too much auth data */ 574a8e1175bSopenharmony_ci/* BEGIN_CASE */ 575a8e1175bSopenharmony_civoid mbedtls_ccm_overflow_ad(int cipher_id, int mode, 576a8e1175bSopenharmony_ci data_t *key, data_t *iv, 577a8e1175bSopenharmony_ci data_t *add) 578a8e1175bSopenharmony_ci{ 579a8e1175bSopenharmony_ci mbedtls_ccm_context ctx; 580a8e1175bSopenharmony_ci 581a8e1175bSopenharmony_ci BLOCK_CIPHER_PSA_INIT(); 582a8e1175bSopenharmony_ci mbedtls_ccm_init(&ctx); 583a8e1175bSopenharmony_ci TEST_EQUAL(mbedtls_ccm_setkey(&ctx, cipher_id, key->x, key->len * 8), 0); 584a8e1175bSopenharmony_ci TEST_EQUAL(0, mbedtls_ccm_starts(&ctx, mode, iv->x, iv->len)); 585a8e1175bSopenharmony_ci // use hardcoded values for msg length and tag length. They are not a part of this test 586a8e1175bSopenharmony_ci // subtract 1 from configured auth data length to provoke an overflow 587a8e1175bSopenharmony_ci TEST_EQUAL(0, mbedtls_ccm_set_lengths(&ctx, add->len - 1, 16, 16)); 588a8e1175bSopenharmony_ci 589a8e1175bSopenharmony_ci TEST_EQUAL(MBEDTLS_ERR_CCM_BAD_INPUT, mbedtls_ccm_update_ad(&ctx, add->x, add->len)); 590a8e1175bSopenharmony_ciexit: 591a8e1175bSopenharmony_ci mbedtls_ccm_free(&ctx); 592a8e1175bSopenharmony_ci BLOCK_CIPHER_PSA_DONE(); 593a8e1175bSopenharmony_ci} 594a8e1175bSopenharmony_ci/* END_CASE */ 595a8e1175bSopenharmony_ci 596a8e1175bSopenharmony_ci/* Provide unexpected auth data */ 597a8e1175bSopenharmony_ci/* BEGIN_CASE */ 598a8e1175bSopenharmony_civoid mbedtls_ccm_unexpected_ad(int cipher_id, int mode, 599a8e1175bSopenharmony_ci data_t *key, data_t *iv, 600a8e1175bSopenharmony_ci data_t *add) 601a8e1175bSopenharmony_ci{ 602a8e1175bSopenharmony_ci mbedtls_ccm_context ctx; 603a8e1175bSopenharmony_ci 604a8e1175bSopenharmony_ci BLOCK_CIPHER_PSA_INIT(); 605a8e1175bSopenharmony_ci mbedtls_ccm_init(&ctx); 606a8e1175bSopenharmony_ci TEST_EQUAL(mbedtls_ccm_setkey(&ctx, cipher_id, key->x, key->len * 8), 0); 607a8e1175bSopenharmony_ci TEST_EQUAL(0, mbedtls_ccm_starts(&ctx, mode, iv->x, iv->len)); 608a8e1175bSopenharmony_ci // use hardcoded values for msg length and tag length. They are not a part of this test 609a8e1175bSopenharmony_ci TEST_EQUAL(0, mbedtls_ccm_set_lengths(&ctx, 0, 16, 16)); 610a8e1175bSopenharmony_ci 611a8e1175bSopenharmony_ci TEST_EQUAL(MBEDTLS_ERR_CCM_BAD_INPUT, mbedtls_ccm_update_ad(&ctx, add->x, add->len)); 612a8e1175bSopenharmony_ciexit: 613a8e1175bSopenharmony_ci mbedtls_ccm_free(&ctx); 614a8e1175bSopenharmony_ci BLOCK_CIPHER_PSA_DONE(); 615a8e1175bSopenharmony_ci} 616a8e1175bSopenharmony_ci/* END_CASE */ 617a8e1175bSopenharmony_ci 618a8e1175bSopenharmony_ci/* Provide unexpected plaintext/ciphertext data */ 619a8e1175bSopenharmony_ci/* BEGIN_CASE */ 620a8e1175bSopenharmony_civoid mbedtls_ccm_unexpected_text(int cipher_id, int mode, 621a8e1175bSopenharmony_ci data_t *key, data_t *msg, data_t *iv, 622a8e1175bSopenharmony_ci data_t *add) 623a8e1175bSopenharmony_ci{ 624a8e1175bSopenharmony_ci mbedtls_ccm_context ctx; 625a8e1175bSopenharmony_ci uint8_t *output = NULL; 626a8e1175bSopenharmony_ci size_t olen; 627a8e1175bSopenharmony_ci 628a8e1175bSopenharmony_ci BLOCK_CIPHER_PSA_INIT(); 629a8e1175bSopenharmony_ci mbedtls_ccm_init(&ctx); 630a8e1175bSopenharmony_ci TEST_EQUAL(mbedtls_ccm_setkey(&ctx, cipher_id, key->x, key->len * 8), 0); 631a8e1175bSopenharmony_ci TEST_EQUAL(0, mbedtls_ccm_starts(&ctx, mode, iv->x, iv->len)); 632a8e1175bSopenharmony_ci // use hardcoded value for tag length. It is not a part of this test 633a8e1175bSopenharmony_ci TEST_EQUAL(0, mbedtls_ccm_set_lengths(&ctx, add->len, 0, 16)); 634a8e1175bSopenharmony_ci 635a8e1175bSopenharmony_ci TEST_EQUAL(0, mbedtls_ccm_update_ad(&ctx, add->x, add->len)); 636a8e1175bSopenharmony_ci 637a8e1175bSopenharmony_ci TEST_CALLOC(output, msg->len); 638a8e1175bSopenharmony_ci olen = 0xdeadbeef; 639a8e1175bSopenharmony_ci TEST_EQUAL(MBEDTLS_ERR_CCM_BAD_INPUT, 640a8e1175bSopenharmony_ci mbedtls_ccm_update(&ctx, msg->x, msg->len, output, msg->len, &olen)); 641a8e1175bSopenharmony_ciexit: 642a8e1175bSopenharmony_ci mbedtls_free(output); 643a8e1175bSopenharmony_ci mbedtls_ccm_free(&ctx); 644a8e1175bSopenharmony_ci BLOCK_CIPHER_PSA_DONE(); 645a8e1175bSopenharmony_ci} 646a8e1175bSopenharmony_ci/* END_CASE */ 647a8e1175bSopenharmony_ci 648a8e1175bSopenharmony_ci/* Provide incomplete auth data and finish */ 649a8e1175bSopenharmony_ci/* BEGIN_CASE */ 650a8e1175bSopenharmony_civoid mbedtls_ccm_incomplete_ad(int cipher_id, int mode, 651a8e1175bSopenharmony_ci data_t *key, data_t *iv, data_t *add) 652a8e1175bSopenharmony_ci{ 653a8e1175bSopenharmony_ci mbedtls_ccm_context ctx; 654a8e1175bSopenharmony_ci uint8_t *output = NULL; 655a8e1175bSopenharmony_ci 656a8e1175bSopenharmony_ci BLOCK_CIPHER_PSA_INIT(); 657a8e1175bSopenharmony_ci mbedtls_ccm_init(&ctx); 658a8e1175bSopenharmony_ci TEST_EQUAL(mbedtls_ccm_setkey(&ctx, cipher_id, key->x, key->len * 8), 0); 659a8e1175bSopenharmony_ci TEST_EQUAL(0, mbedtls_ccm_starts(&ctx, mode, iv->x, iv->len)); 660a8e1175bSopenharmony_ci // use hardcoded values for msg length and tag length. They are not a part of this test 661a8e1175bSopenharmony_ci TEST_EQUAL(0, mbedtls_ccm_set_lengths(&ctx, add->len, 0, 16)); 662a8e1175bSopenharmony_ci 663a8e1175bSopenharmony_ci TEST_EQUAL(0, mbedtls_ccm_update_ad(&ctx, add->x, add->len - 1)); 664a8e1175bSopenharmony_ci 665a8e1175bSopenharmony_ci TEST_CALLOC(output, 16); 666a8e1175bSopenharmony_ci TEST_EQUAL(MBEDTLS_ERR_CCM_BAD_INPUT, mbedtls_ccm_finish(&ctx, output, 16)); 667a8e1175bSopenharmony_ci 668a8e1175bSopenharmony_ciexit: 669a8e1175bSopenharmony_ci mbedtls_free(output); 670a8e1175bSopenharmony_ci mbedtls_ccm_free(&ctx); 671a8e1175bSopenharmony_ci BLOCK_CIPHER_PSA_DONE(); 672a8e1175bSopenharmony_ci} 673a8e1175bSopenharmony_ci/* END_CASE */ 674a8e1175bSopenharmony_ci 675a8e1175bSopenharmony_ci/* Provide complete auth data on first update_ad. 676a8e1175bSopenharmony_ci * Provide unexpected auth data on second update_ad */ 677a8e1175bSopenharmony_ci/* BEGIN_CASE */ 678a8e1175bSopenharmony_civoid mbedtls_ccm_full_ad_and_overflow(int cipher_id, int mode, 679a8e1175bSopenharmony_ci data_t *key, data_t *iv, 680a8e1175bSopenharmony_ci data_t *add) 681a8e1175bSopenharmony_ci{ 682a8e1175bSopenharmony_ci mbedtls_ccm_context ctx; 683a8e1175bSopenharmony_ci 684a8e1175bSopenharmony_ci BLOCK_CIPHER_PSA_INIT(); 685a8e1175bSopenharmony_ci mbedtls_ccm_init(&ctx); 686a8e1175bSopenharmony_ci TEST_EQUAL(mbedtls_ccm_setkey(&ctx, cipher_id, key->x, key->len * 8), 0); 687a8e1175bSopenharmony_ci TEST_EQUAL(0, mbedtls_ccm_starts(&ctx, mode, iv->x, iv->len)); 688a8e1175bSopenharmony_ci // use hardcoded values for msg length and tag length. They are not a part of this test 689a8e1175bSopenharmony_ci TEST_EQUAL(0, mbedtls_ccm_set_lengths(&ctx, add->len, 16, 16)); 690a8e1175bSopenharmony_ci 691a8e1175bSopenharmony_ci // pass full auth data 692a8e1175bSopenharmony_ci TEST_EQUAL(0, mbedtls_ccm_update_ad(&ctx, add->x, add->len)); 693a8e1175bSopenharmony_ci // pass 1 extra byte 694a8e1175bSopenharmony_ci TEST_EQUAL(MBEDTLS_ERR_CCM_BAD_INPUT, mbedtls_ccm_update_ad(&ctx, add->x, 1)); 695a8e1175bSopenharmony_ciexit: 696a8e1175bSopenharmony_ci mbedtls_ccm_free(&ctx); 697a8e1175bSopenharmony_ci BLOCK_CIPHER_PSA_DONE(); 698a8e1175bSopenharmony_ci} 699a8e1175bSopenharmony_ci/* END_CASE */ 700a8e1175bSopenharmony_ci 701a8e1175bSopenharmony_ci/* Provide incomplete auth data on first update_ad. 702a8e1175bSopenharmony_ci * Provide too much auth data on second update_ad */ 703a8e1175bSopenharmony_ci/* BEGIN_CASE */ 704a8e1175bSopenharmony_civoid mbedtls_ccm_incomplete_ad_and_overflow(int cipher_id, int mode, 705a8e1175bSopenharmony_ci data_t *key, data_t *iv, 706a8e1175bSopenharmony_ci data_t *add) 707a8e1175bSopenharmony_ci{ 708a8e1175bSopenharmony_ci mbedtls_ccm_context ctx; 709a8e1175bSopenharmony_ci uint8_t add_second_buffer[2]; 710a8e1175bSopenharmony_ci 711a8e1175bSopenharmony_ci add_second_buffer[0] = add->x[add->len - 1]; 712a8e1175bSopenharmony_ci add_second_buffer[1] = 0xAB; // some magic value 713a8e1175bSopenharmony_ci 714a8e1175bSopenharmony_ci BLOCK_CIPHER_PSA_INIT(); 715a8e1175bSopenharmony_ci mbedtls_ccm_init(&ctx); 716a8e1175bSopenharmony_ci TEST_EQUAL(mbedtls_ccm_setkey(&ctx, cipher_id, key->x, key->len * 8), 0); 717a8e1175bSopenharmony_ci TEST_EQUAL(0, mbedtls_ccm_starts(&ctx, mode, iv->x, iv->len)); 718a8e1175bSopenharmony_ci // use hardcoded values for msg length and tag length. They are not a part of this test 719a8e1175bSopenharmony_ci TEST_EQUAL(0, mbedtls_ccm_set_lengths(&ctx, add->len, 16, 16)); 720a8e1175bSopenharmony_ci 721a8e1175bSopenharmony_ci // pass incomplete auth data 722a8e1175bSopenharmony_ci TEST_EQUAL(0, mbedtls_ccm_update_ad(&ctx, add->x, add->len - 1)); 723a8e1175bSopenharmony_ci // pass 2 extra bytes (1 missing byte from previous incomplete pass, and 1 unexpected byte) 724a8e1175bSopenharmony_ci TEST_EQUAL(MBEDTLS_ERR_CCM_BAD_INPUT, mbedtls_ccm_update_ad(&ctx, add_second_buffer, 2)); 725a8e1175bSopenharmony_ciexit: 726a8e1175bSopenharmony_ci mbedtls_ccm_free(&ctx); 727a8e1175bSopenharmony_ci BLOCK_CIPHER_PSA_DONE(); 728a8e1175bSopenharmony_ci} 729a8e1175bSopenharmony_ci/* END_CASE */ 730a8e1175bSopenharmony_ci 731a8e1175bSopenharmony_ci/* Provide too much plaintext/ciphertext */ 732a8e1175bSopenharmony_ci/* BEGIN_CASE */ 733a8e1175bSopenharmony_civoid mbedtls_ccm_overflow_update(int cipher_id, int mode, 734a8e1175bSopenharmony_ci data_t *key, data_t *msg, data_t *iv, 735a8e1175bSopenharmony_ci data_t *add) 736a8e1175bSopenharmony_ci{ 737a8e1175bSopenharmony_ci mbedtls_ccm_context ctx; 738a8e1175bSopenharmony_ci uint8_t *output = NULL; 739a8e1175bSopenharmony_ci size_t olen; 740a8e1175bSopenharmony_ci 741a8e1175bSopenharmony_ci BLOCK_CIPHER_PSA_INIT(); 742a8e1175bSopenharmony_ci mbedtls_ccm_init(&ctx); 743a8e1175bSopenharmony_ci TEST_EQUAL(mbedtls_ccm_setkey(&ctx, cipher_id, key->x, key->len * 8), 0); 744a8e1175bSopenharmony_ci TEST_EQUAL(0, mbedtls_ccm_starts(&ctx, mode, iv->x, iv->len)); 745a8e1175bSopenharmony_ci // use hardcoded value for tag length. It is a not a part of this test 746a8e1175bSopenharmony_ci // subtract 1 from configured msg length to provoke an overflow 747a8e1175bSopenharmony_ci TEST_EQUAL(0, mbedtls_ccm_set_lengths(&ctx, add->len, msg->len - 1, 16)); 748a8e1175bSopenharmony_ci 749a8e1175bSopenharmony_ci TEST_EQUAL(0, mbedtls_ccm_update_ad(&ctx, add->x, add->len)); 750a8e1175bSopenharmony_ci 751a8e1175bSopenharmony_ci TEST_CALLOC(output, msg->len); 752a8e1175bSopenharmony_ci TEST_EQUAL(MBEDTLS_ERR_CCM_BAD_INPUT, \ 753a8e1175bSopenharmony_ci mbedtls_ccm_update(&ctx, msg->x, msg->len, output, msg->len, &olen)); 754a8e1175bSopenharmony_ciexit: 755a8e1175bSopenharmony_ci mbedtls_free(output); 756a8e1175bSopenharmony_ci mbedtls_ccm_free(&ctx); 757a8e1175bSopenharmony_ci BLOCK_CIPHER_PSA_DONE(); 758a8e1175bSopenharmony_ci} 759a8e1175bSopenharmony_ci/* END_CASE */ 760a8e1175bSopenharmony_ci 761a8e1175bSopenharmony_ci/* Provide incomplete plaintext/ciphertext and finish */ 762a8e1175bSopenharmony_ci/* BEGIN_CASE */ 763a8e1175bSopenharmony_civoid mbedtls_ccm_incomplete_update(int cipher_id, int mode, 764a8e1175bSopenharmony_ci data_t *key, data_t *msg, data_t *iv, 765a8e1175bSopenharmony_ci data_t *add) 766a8e1175bSopenharmony_ci{ 767a8e1175bSopenharmony_ci mbedtls_ccm_context ctx; 768a8e1175bSopenharmony_ci uint8_t *output = NULL; 769a8e1175bSopenharmony_ci size_t olen; 770a8e1175bSopenharmony_ci 771a8e1175bSopenharmony_ci BLOCK_CIPHER_PSA_INIT(); 772a8e1175bSopenharmony_ci mbedtls_ccm_init(&ctx); 773a8e1175bSopenharmony_ci TEST_EQUAL(mbedtls_ccm_setkey(&ctx, cipher_id, key->x, key->len * 8), 0); 774a8e1175bSopenharmony_ci TEST_EQUAL(0, mbedtls_ccm_starts(&ctx, mode, iv->x, iv->len)); 775a8e1175bSopenharmony_ci // use hardcoded value for tag length. It is not a part of this test 776a8e1175bSopenharmony_ci TEST_EQUAL(0, mbedtls_ccm_set_lengths(&ctx, add->len, msg->len, 16)); 777a8e1175bSopenharmony_ci 778a8e1175bSopenharmony_ci TEST_EQUAL(0, mbedtls_ccm_update_ad(&ctx, add->x, add->len)); 779a8e1175bSopenharmony_ci 780a8e1175bSopenharmony_ci TEST_CALLOC(output, msg->len); 781a8e1175bSopenharmony_ci olen = 0xdeadbeef; 782a8e1175bSopenharmony_ci TEST_EQUAL(0, mbedtls_ccm_update(&ctx, msg->x, msg->len - 1, output, msg->len, &olen)); 783a8e1175bSopenharmony_ci mbedtls_free(output); 784a8e1175bSopenharmony_ci output = NULL; 785a8e1175bSopenharmony_ci 786a8e1175bSopenharmony_ci TEST_CALLOC(output, 16); 787a8e1175bSopenharmony_ci TEST_EQUAL(MBEDTLS_ERR_CCM_BAD_INPUT, mbedtls_ccm_finish(&ctx, output, 16)); 788a8e1175bSopenharmony_ci 789a8e1175bSopenharmony_ciexit: 790a8e1175bSopenharmony_ci mbedtls_free(output); 791a8e1175bSopenharmony_ci mbedtls_ccm_free(&ctx); 792a8e1175bSopenharmony_ci BLOCK_CIPHER_PSA_DONE(); 793a8e1175bSopenharmony_ci} 794a8e1175bSopenharmony_ci/* END_CASE */ 795a8e1175bSopenharmony_ci 796a8e1175bSopenharmony_ci/* Provide full plaintext/ciphertext of first update 797a8e1175bSopenharmony_ci * Provide unexpected plaintext/ciphertext on second update */ 798a8e1175bSopenharmony_ci/* BEGIN_CASE */ 799a8e1175bSopenharmony_civoid mbedtls_ccm_full_update_and_overflow(int cipher_id, int mode, 800a8e1175bSopenharmony_ci data_t *key, data_t *msg, data_t *iv, 801a8e1175bSopenharmony_ci data_t *add) 802a8e1175bSopenharmony_ci{ 803a8e1175bSopenharmony_ci mbedtls_ccm_context ctx; 804a8e1175bSopenharmony_ci uint8_t *output = NULL; 805a8e1175bSopenharmony_ci size_t olen; 806a8e1175bSopenharmony_ci 807a8e1175bSopenharmony_ci BLOCK_CIPHER_PSA_INIT(); 808a8e1175bSopenharmony_ci mbedtls_ccm_init(&ctx); 809a8e1175bSopenharmony_ci TEST_EQUAL(mbedtls_ccm_setkey(&ctx, cipher_id, key->x, key->len * 8), 0); 810a8e1175bSopenharmony_ci TEST_EQUAL(0, mbedtls_ccm_starts(&ctx, mode, iv->x, iv->len)); 811a8e1175bSopenharmony_ci // use hardcoded value for tag length. It is a not a part of this test 812a8e1175bSopenharmony_ci TEST_EQUAL(0, mbedtls_ccm_set_lengths(&ctx, add->len, msg->len, 16)); 813a8e1175bSopenharmony_ci 814a8e1175bSopenharmony_ci TEST_EQUAL(0, mbedtls_ccm_update_ad(&ctx, add->x, add->len)); 815a8e1175bSopenharmony_ci 816a8e1175bSopenharmony_ci TEST_CALLOC(output, msg->len); 817a8e1175bSopenharmony_ci // pass full text 818a8e1175bSopenharmony_ci TEST_EQUAL(0, mbedtls_ccm_update(&ctx, msg->x, msg->len, output, msg->len, &olen)); 819a8e1175bSopenharmony_ci // pass 1 extra byte 820a8e1175bSopenharmony_ci TEST_EQUAL(MBEDTLS_ERR_CCM_BAD_INPUT, \ 821a8e1175bSopenharmony_ci mbedtls_ccm_update(&ctx, msg->x, 1, output, 1, &olen)); 822a8e1175bSopenharmony_ciexit: 823a8e1175bSopenharmony_ci mbedtls_free(output); 824a8e1175bSopenharmony_ci mbedtls_ccm_free(&ctx); 825a8e1175bSopenharmony_ci BLOCK_CIPHER_PSA_DONE(); 826a8e1175bSopenharmony_ci} 827a8e1175bSopenharmony_ci/* END_CASE */ 828a8e1175bSopenharmony_ci 829a8e1175bSopenharmony_ci/* Provide incomplete plaintext/ciphertext of first update 830a8e1175bSopenharmony_ci * Provide too much plaintext/ciphertext on second update */ 831a8e1175bSopenharmony_ci/* BEGIN_CASE */ 832a8e1175bSopenharmony_civoid mbedtls_ccm_incomplete_update_overflow(int cipher_id, int mode, 833a8e1175bSopenharmony_ci data_t *key, data_t *msg, data_t *iv, 834a8e1175bSopenharmony_ci data_t *add) 835a8e1175bSopenharmony_ci{ 836a8e1175bSopenharmony_ci mbedtls_ccm_context ctx; 837a8e1175bSopenharmony_ci uint8_t *output = NULL; 838a8e1175bSopenharmony_ci size_t olen; 839a8e1175bSopenharmony_ci uint8_t msg_second_buffer[2]; 840a8e1175bSopenharmony_ci 841a8e1175bSopenharmony_ci msg_second_buffer[0] = msg->x[msg->len - 1]; 842a8e1175bSopenharmony_ci msg_second_buffer[1] = 0xAB; // some magic value 843a8e1175bSopenharmony_ci 844a8e1175bSopenharmony_ci BLOCK_CIPHER_PSA_INIT(); 845a8e1175bSopenharmony_ci mbedtls_ccm_init(&ctx); 846a8e1175bSopenharmony_ci TEST_EQUAL(mbedtls_ccm_setkey(&ctx, cipher_id, key->x, key->len * 8), 0); 847a8e1175bSopenharmony_ci TEST_EQUAL(0, mbedtls_ccm_starts(&ctx, mode, iv->x, iv->len)); 848a8e1175bSopenharmony_ci // use hardcoded value for tag length. It is a not a part of this test 849a8e1175bSopenharmony_ci TEST_EQUAL(0, mbedtls_ccm_set_lengths(&ctx, add->len, msg->len, 16)); 850a8e1175bSopenharmony_ci 851a8e1175bSopenharmony_ci TEST_EQUAL(0, mbedtls_ccm_update_ad(&ctx, add->x, add->len)); 852a8e1175bSopenharmony_ci 853a8e1175bSopenharmony_ci TEST_CALLOC(output, msg->len + 1); 854a8e1175bSopenharmony_ci // pass incomplete text 855a8e1175bSopenharmony_ci TEST_EQUAL(0, mbedtls_ccm_update(&ctx, msg->x, msg->len - 1, output, msg->len + 1, &olen)); 856a8e1175bSopenharmony_ci // pass 2 extra bytes (1 missing byte from previous incomplete pass, and 1 unexpected byte) 857a8e1175bSopenharmony_ci TEST_EQUAL(MBEDTLS_ERR_CCM_BAD_INPUT, \ 858a8e1175bSopenharmony_ci mbedtls_ccm_update(&ctx, msg_second_buffer, 2, output + msg->len - 1, 2, &olen)); 859a8e1175bSopenharmony_ciexit: 860a8e1175bSopenharmony_ci mbedtls_free(output); 861a8e1175bSopenharmony_ci mbedtls_ccm_free(&ctx); 862a8e1175bSopenharmony_ci BLOCK_CIPHER_PSA_DONE(); 863a8e1175bSopenharmony_ci} 864a8e1175bSopenharmony_ci/* END_CASE */ 865a8e1175bSopenharmony_ci 866a8e1175bSopenharmony_ci/* Finish without passing any auth data or plaintext/ciphertext input */ 867a8e1175bSopenharmony_ci/* BEGIN_CASE */ 868a8e1175bSopenharmony_civoid mbedtls_ccm_instant_finish(int cipher_id, int mode, 869a8e1175bSopenharmony_ci data_t *key, data_t *iv) 870a8e1175bSopenharmony_ci{ 871a8e1175bSopenharmony_ci mbedtls_ccm_context ctx; 872a8e1175bSopenharmony_ci uint8_t *output = NULL; 873a8e1175bSopenharmony_ci 874a8e1175bSopenharmony_ci BLOCK_CIPHER_PSA_INIT(); 875a8e1175bSopenharmony_ci mbedtls_ccm_init(&ctx); 876a8e1175bSopenharmony_ci TEST_EQUAL(mbedtls_ccm_setkey(&ctx, cipher_id, key->x, key->len * 8), 0); 877a8e1175bSopenharmony_ci TEST_EQUAL(0, mbedtls_ccm_starts(&ctx, mode, iv->x, iv->len)); 878a8e1175bSopenharmony_ci // use hardcoded values for add length, msg length and tag length. 879a8e1175bSopenharmony_ci // They are not a part of this test 880a8e1175bSopenharmony_ci TEST_EQUAL(0, mbedtls_ccm_set_lengths(&ctx, 16, 16, 16)); 881a8e1175bSopenharmony_ci 882a8e1175bSopenharmony_ci TEST_CALLOC(output, 16); 883a8e1175bSopenharmony_ci TEST_EQUAL(MBEDTLS_ERR_CCM_BAD_INPUT, mbedtls_ccm_finish(&ctx, output, 16)); 884a8e1175bSopenharmony_ci 885a8e1175bSopenharmony_ciexit: 886a8e1175bSopenharmony_ci mbedtls_free(output); 887a8e1175bSopenharmony_ci mbedtls_ccm_free(&ctx); 888a8e1175bSopenharmony_ci BLOCK_CIPHER_PSA_DONE(); 889a8e1175bSopenharmony_ci} 890a8e1175bSopenharmony_ci/* END_CASE */ 891