1a8e1175bSopenharmony_ci/* BEGIN_HEADER */ 2a8e1175bSopenharmony_ci#include "mbedtls/cipher.h" 3a8e1175bSopenharmony_ci#include "mbedtls/aes.h" 4a8e1175bSopenharmony_ci 5a8e1175bSopenharmony_ci#if defined(MBEDTLS_GCM_C) 6a8e1175bSopenharmony_ci#include "mbedtls/gcm.h" 7a8e1175bSopenharmony_ci#endif 8a8e1175bSopenharmony_ci 9a8e1175bSopenharmony_ci#if defined(MBEDTLS_CIPHER_HAVE_SOME_AEAD_VIA_LEGACY_OR_USE_PSA) || defined(MBEDTLS_NIST_KW_C) 10a8e1175bSopenharmony_ci#define MBEDTLS_CIPHER_AUTH_CRYPT 11a8e1175bSopenharmony_ci#endif 12a8e1175bSopenharmony_ci 13a8e1175bSopenharmony_ci/* Check the internal consistency of a cipher info structure, and 14a8e1175bSopenharmony_ci * check it against mbedtls_cipher_info_from_xxx(). */ 15a8e1175bSopenharmony_cistatic int check_cipher_info(mbedtls_cipher_type_t type, 16a8e1175bSopenharmony_ci const mbedtls_cipher_info_t *info) 17a8e1175bSopenharmony_ci{ 18a8e1175bSopenharmony_ci size_t key_bitlen, block_size, iv_size; 19a8e1175bSopenharmony_ci 20a8e1175bSopenharmony_ci TEST_ASSERT(info != NULL); 21a8e1175bSopenharmony_ci TEST_EQUAL(type, mbedtls_cipher_info_get_type(info)); 22a8e1175bSopenharmony_ci TEST_EQUAL(type, info->type); 23a8e1175bSopenharmony_ci TEST_ASSERT(mbedtls_cipher_info_from_type(type) == info); 24a8e1175bSopenharmony_ci 25a8e1175bSopenharmony_ci TEST_EQUAL(info->mode, mbedtls_cipher_info_get_mode(info)); 26a8e1175bSopenharmony_ci 27a8e1175bSopenharmony_ci /* Insist that get_name() return the string from the structure and 28a8e1175bSopenharmony_ci * not a copy. A copy would have an unknown storage duration. */ 29a8e1175bSopenharmony_ci TEST_ASSERT(mbedtls_cipher_info_get_name(info) == info->name); 30a8e1175bSopenharmony_ci TEST_ASSERT(mbedtls_cipher_info_from_string(info->name) == info); 31a8e1175bSopenharmony_ci 32a8e1175bSopenharmony_ci key_bitlen = mbedtls_cipher_info_get_key_bitlen(info); 33a8e1175bSopenharmony_ci block_size = mbedtls_cipher_info_get_block_size(info); 34a8e1175bSopenharmony_ci iv_size = mbedtls_cipher_info_get_iv_size(info); 35a8e1175bSopenharmony_ci if (info->type == MBEDTLS_CIPHER_NULL) { 36a8e1175bSopenharmony_ci TEST_ASSERT(key_bitlen == 0); 37a8e1175bSopenharmony_ci TEST_ASSERT(block_size == 1); 38a8e1175bSopenharmony_ci TEST_ASSERT(iv_size == 0); 39a8e1175bSopenharmony_ci } else if (info->mode == MBEDTLS_MODE_XTS) { 40a8e1175bSopenharmony_ci TEST_ASSERT(key_bitlen == 256 || 41a8e1175bSopenharmony_ci key_bitlen == 384 || 42a8e1175bSopenharmony_ci key_bitlen == 512); 43a8e1175bSopenharmony_ci } else if (!strncmp(info->name, "DES-EDE3-", 9)) { 44a8e1175bSopenharmony_ci TEST_ASSERT(key_bitlen == 192); 45a8e1175bSopenharmony_ci TEST_ASSERT(!mbedtls_cipher_info_has_variable_key_bitlen(info)); 46a8e1175bSopenharmony_ci TEST_ASSERT(block_size == 8); 47a8e1175bSopenharmony_ci } else if (!strncmp(info->name, "DES-EDE-", 8)) { 48a8e1175bSopenharmony_ci TEST_ASSERT(key_bitlen == 128); 49a8e1175bSopenharmony_ci TEST_ASSERT(!mbedtls_cipher_info_has_variable_key_bitlen(info)); 50a8e1175bSopenharmony_ci TEST_ASSERT(block_size == 8); 51a8e1175bSopenharmony_ci } else if (!strncmp(info->name, "DES-", 4)) { 52a8e1175bSopenharmony_ci TEST_ASSERT(key_bitlen == 64); 53a8e1175bSopenharmony_ci TEST_ASSERT(!mbedtls_cipher_info_has_variable_key_bitlen(info)); 54a8e1175bSopenharmony_ci TEST_ASSERT(block_size == 8); 55a8e1175bSopenharmony_ci } else if (!strncmp(info->name, "AES", 3)) { 56a8e1175bSopenharmony_ci TEST_ASSERT(key_bitlen == 128 || 57a8e1175bSopenharmony_ci key_bitlen == 192 || 58a8e1175bSopenharmony_ci key_bitlen == 256); 59a8e1175bSopenharmony_ci TEST_ASSERT(!mbedtls_cipher_info_has_variable_key_bitlen(info)); 60a8e1175bSopenharmony_ci TEST_ASSERT(block_size == 16); 61a8e1175bSopenharmony_ci } else { 62a8e1175bSopenharmony_ci TEST_ASSERT(key_bitlen == 128 || 63a8e1175bSopenharmony_ci key_bitlen == 192 || 64a8e1175bSopenharmony_ci key_bitlen == 256); 65a8e1175bSopenharmony_ci } 66a8e1175bSopenharmony_ci TEST_LE_U(key_bitlen, MBEDTLS_MAX_KEY_LENGTH * 8); 67a8e1175bSopenharmony_ci TEST_LE_U(block_size, MBEDTLS_MAX_BLOCK_LENGTH); 68a8e1175bSopenharmony_ci TEST_LE_U(iv_size, MBEDTLS_MAX_IV_LENGTH); 69a8e1175bSopenharmony_ci 70a8e1175bSopenharmony_ci if (strstr(info->name, "-ECB") != NULL) { 71a8e1175bSopenharmony_ci TEST_ASSERT(iv_size == 0); 72a8e1175bSopenharmony_ci TEST_ASSERT(!mbedtls_cipher_info_has_variable_iv_size(info)); 73a8e1175bSopenharmony_ci } else if (strstr(info->name, "-CBC") != NULL || 74a8e1175bSopenharmony_ci strstr(info->name, "-CTR") != NULL) { 75a8e1175bSopenharmony_ci TEST_ASSERT(iv_size == block_size); 76a8e1175bSopenharmony_ci TEST_ASSERT(!mbedtls_cipher_info_has_variable_iv_size(info)); 77a8e1175bSopenharmony_ci } else if (strstr(info->name, "-GCM") != NULL) { 78a8e1175bSopenharmony_ci TEST_ASSERT(iv_size == block_size - 4); 79a8e1175bSopenharmony_ci TEST_ASSERT(mbedtls_cipher_info_has_variable_iv_size(info)); 80a8e1175bSopenharmony_ci } 81a8e1175bSopenharmony_ci 82a8e1175bSopenharmony_ci return 1; 83a8e1175bSopenharmony_ci 84a8e1175bSopenharmony_ciexit: 85a8e1175bSopenharmony_ci return 0; 86a8e1175bSopenharmony_ci} 87a8e1175bSopenharmony_ci 88a8e1175bSopenharmony_ci#if defined(MBEDTLS_CIPHER_MODE_AEAD) 89a8e1175bSopenharmony_ci/* Helper for resetting key/direction 90a8e1175bSopenharmony_ci * 91a8e1175bSopenharmony_ci * The documentation doesn't explicitly say whether calling 92a8e1175bSopenharmony_ci * mbedtls_cipher_setkey() twice is allowed or not. This currently works with 93a8e1175bSopenharmony_ci * the default software implementation, but only by accident. It isn't 94a8e1175bSopenharmony_ci * guaranteed to work with new ciphers or with alternative implementations of 95a8e1175bSopenharmony_ci * individual ciphers, and it doesn't work with the PSA wrappers. So don't do 96a8e1175bSopenharmony_ci * it, and instead start with a fresh context. 97a8e1175bSopenharmony_ci */ 98a8e1175bSopenharmony_cistatic int cipher_reset_key(mbedtls_cipher_context_t *ctx, int cipher_id, 99a8e1175bSopenharmony_ci int use_psa, size_t tag_len, const data_t *key, int direction) 100a8e1175bSopenharmony_ci{ 101a8e1175bSopenharmony_ci mbedtls_cipher_free(ctx); 102a8e1175bSopenharmony_ci mbedtls_cipher_init(ctx); 103a8e1175bSopenharmony_ci 104a8e1175bSopenharmony_ci#if !defined(MBEDTLS_USE_PSA_CRYPTO) || !defined(MBEDTLS_TEST_DEPRECATED) 105a8e1175bSopenharmony_ci (void) use_psa; 106a8e1175bSopenharmony_ci (void) tag_len; 107a8e1175bSopenharmony_ci#else 108a8e1175bSopenharmony_ci if (use_psa == 1) { 109a8e1175bSopenharmony_ci TEST_ASSERT(0 == mbedtls_cipher_setup_psa(ctx, 110a8e1175bSopenharmony_ci mbedtls_cipher_info_from_type(cipher_id), 111a8e1175bSopenharmony_ci tag_len)); 112a8e1175bSopenharmony_ci } else 113a8e1175bSopenharmony_ci#endif /* !MBEDTLS_USE_PSA_CRYPTO || !MBEDTLS_TEST_DEPRECATED */ 114a8e1175bSopenharmony_ci { 115a8e1175bSopenharmony_ci TEST_ASSERT(0 == mbedtls_cipher_setup(ctx, 116a8e1175bSopenharmony_ci mbedtls_cipher_info_from_type(cipher_id))); 117a8e1175bSopenharmony_ci } 118a8e1175bSopenharmony_ci 119a8e1175bSopenharmony_ci TEST_ASSERT(0 == mbedtls_cipher_setkey(ctx, key->x, 8 * key->len, 120a8e1175bSopenharmony_ci direction)); 121a8e1175bSopenharmony_ci return 1; 122a8e1175bSopenharmony_ci 123a8e1175bSopenharmony_ciexit: 124a8e1175bSopenharmony_ci return 0; 125a8e1175bSopenharmony_ci} 126a8e1175bSopenharmony_ci 127a8e1175bSopenharmony_ci/* 128a8e1175bSopenharmony_ci * Check if a buffer is all-0 bytes: 129a8e1175bSopenharmony_ci * return 1 if it is, 130a8e1175bSopenharmony_ci * 0 if it isn't. 131a8e1175bSopenharmony_ci */ 132a8e1175bSopenharmony_ciint buffer_is_all_zero(const uint8_t *buf, size_t size) 133a8e1175bSopenharmony_ci{ 134a8e1175bSopenharmony_ci for (size_t i = 0; i < size; i++) { 135a8e1175bSopenharmony_ci if (buf[i] != 0) { 136a8e1175bSopenharmony_ci return 0; 137a8e1175bSopenharmony_ci } 138a8e1175bSopenharmony_ci } 139a8e1175bSopenharmony_ci return 1; 140a8e1175bSopenharmony_ci} 141a8e1175bSopenharmony_ci#endif /* MBEDTLS_CIPHER_AUTH_CRYPT */ 142a8e1175bSopenharmony_ci 143a8e1175bSopenharmony_ci/* END_HEADER */ 144a8e1175bSopenharmony_ci 145a8e1175bSopenharmony_ci/* BEGIN_DEPENDENCIES 146a8e1175bSopenharmony_ci * depends_on:MBEDTLS_CIPHER_C 147a8e1175bSopenharmony_ci * END_DEPENDENCIES 148a8e1175bSopenharmony_ci */ 149a8e1175bSopenharmony_ci 150a8e1175bSopenharmony_ci/* BEGIN_CASE */ 151a8e1175bSopenharmony_civoid mbedtls_cipher_list() 152a8e1175bSopenharmony_ci{ 153a8e1175bSopenharmony_ci const int *cipher_type; 154a8e1175bSopenharmony_ci 155a8e1175bSopenharmony_ci for (cipher_type = mbedtls_cipher_list(); *cipher_type != 0; cipher_type++) { 156a8e1175bSopenharmony_ci const mbedtls_cipher_info_t *info = 157a8e1175bSopenharmony_ci mbedtls_cipher_info_from_type(*cipher_type); 158a8e1175bSopenharmony_ci mbedtls_test_set_step(*cipher_type); 159a8e1175bSopenharmony_ci if (!check_cipher_info(*cipher_type, info)) { 160a8e1175bSopenharmony_ci goto exit; 161a8e1175bSopenharmony_ci } 162a8e1175bSopenharmony_ci } 163a8e1175bSopenharmony_ci} 164a8e1175bSopenharmony_ci/* END_CASE */ 165a8e1175bSopenharmony_ci 166a8e1175bSopenharmony_ci/* BEGIN_CASE */ 167a8e1175bSopenharmony_civoid cipher_invalid_param_unconditional() 168a8e1175bSopenharmony_ci{ 169a8e1175bSopenharmony_ci mbedtls_cipher_context_t valid_ctx; 170a8e1175bSopenharmony_ci mbedtls_cipher_context_t invalid_ctx; 171a8e1175bSopenharmony_ci mbedtls_operation_t valid_operation = MBEDTLS_ENCRYPT; 172a8e1175bSopenharmony_ci mbedtls_cipher_padding_t valid_mode = MBEDTLS_PADDING_ZEROS; 173a8e1175bSopenharmony_ci unsigned char valid_buffer[] = { 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07 }; 174a8e1175bSopenharmony_ci int valid_size = sizeof(valid_buffer); 175a8e1175bSopenharmony_ci int valid_bitlen = valid_size * 8; 176a8e1175bSopenharmony_ci const int *cipher_list = mbedtls_cipher_list(); 177a8e1175bSopenharmony_ci const mbedtls_cipher_info_t *valid_info; 178a8e1175bSopenharmony_ci size_t size_t_var; 179a8e1175bSopenharmony_ci 180a8e1175bSopenharmony_ci (void) valid_mode; /* In some configurations this is unused */ 181a8e1175bSopenharmony_ci 182a8e1175bSopenharmony_ci mbedtls_cipher_init(&valid_ctx); 183a8e1175bSopenharmony_ci mbedtls_cipher_init(&invalid_ctx); 184a8e1175bSopenharmony_ci 185a8e1175bSopenharmony_ci /* Ensure that there is at least 1 supported cipher, otherwise exit gracefully */ 186a8e1175bSopenharmony_ci TEST_ASSUME(*cipher_list != 0); 187a8e1175bSopenharmony_ci valid_info = mbedtls_cipher_info_from_type(*cipher_list); 188a8e1175bSopenharmony_ci 189a8e1175bSopenharmony_ci TEST_ASSERT(mbedtls_cipher_setup(&valid_ctx, valid_info) == 0); 190a8e1175bSopenharmony_ci 191a8e1175bSopenharmony_ci /* mbedtls_cipher_setup() */ 192a8e1175bSopenharmony_ci TEST_ASSERT(mbedtls_cipher_setup(&valid_ctx, NULL) == 193a8e1175bSopenharmony_ci MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA); 194a8e1175bSopenharmony_ci 195a8e1175bSopenharmony_ci /* mbedtls_cipher_get_block_size() */ 196a8e1175bSopenharmony_ci TEST_ASSERT(mbedtls_cipher_get_block_size(&invalid_ctx) == 0); 197a8e1175bSopenharmony_ci 198a8e1175bSopenharmony_ci /* mbedtls_cipher_get_cipher_mode() */ 199a8e1175bSopenharmony_ci TEST_ASSERT(mbedtls_cipher_get_cipher_mode(&invalid_ctx) == 200a8e1175bSopenharmony_ci MBEDTLS_MODE_NONE); 201a8e1175bSopenharmony_ci 202a8e1175bSopenharmony_ci /* mbedtls_cipher_get_iv_size() */ 203a8e1175bSopenharmony_ci TEST_ASSERT(mbedtls_cipher_get_iv_size(&invalid_ctx) == 0); 204a8e1175bSopenharmony_ci 205a8e1175bSopenharmony_ci /* mbedtls_cipher_get_type() */ 206a8e1175bSopenharmony_ci TEST_ASSERT( 207a8e1175bSopenharmony_ci mbedtls_cipher_get_type(&invalid_ctx) == 208a8e1175bSopenharmony_ci MBEDTLS_CIPHER_NONE); 209a8e1175bSopenharmony_ci 210a8e1175bSopenharmony_ci /* mbedtls_cipher_get_name() */ 211a8e1175bSopenharmony_ci TEST_ASSERT(mbedtls_cipher_get_name(&invalid_ctx) == 0); 212a8e1175bSopenharmony_ci 213a8e1175bSopenharmony_ci /* mbedtls_cipher_get_key_bitlen() */ 214a8e1175bSopenharmony_ci TEST_ASSERT(mbedtls_cipher_get_key_bitlen(&invalid_ctx) == 215a8e1175bSopenharmony_ci MBEDTLS_KEY_LENGTH_NONE); 216a8e1175bSopenharmony_ci 217a8e1175bSopenharmony_ci /* mbedtls_cipher_get_operation() */ 218a8e1175bSopenharmony_ci TEST_ASSERT(mbedtls_cipher_get_operation(&invalid_ctx) == 219a8e1175bSopenharmony_ci MBEDTLS_OPERATION_NONE); 220a8e1175bSopenharmony_ci 221a8e1175bSopenharmony_ci /* mbedtls_cipher_setkey() */ 222a8e1175bSopenharmony_ci TEST_ASSERT( 223a8e1175bSopenharmony_ci mbedtls_cipher_setkey(&invalid_ctx, 224a8e1175bSopenharmony_ci valid_buffer, 225a8e1175bSopenharmony_ci valid_bitlen, 226a8e1175bSopenharmony_ci valid_operation) == 227a8e1175bSopenharmony_ci MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA); 228a8e1175bSopenharmony_ci 229a8e1175bSopenharmony_ci /* mbedtls_cipher_set_iv() */ 230a8e1175bSopenharmony_ci TEST_ASSERT( 231a8e1175bSopenharmony_ci mbedtls_cipher_set_iv(&invalid_ctx, 232a8e1175bSopenharmony_ci valid_buffer, 233a8e1175bSopenharmony_ci valid_size) == 234a8e1175bSopenharmony_ci MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA); 235a8e1175bSopenharmony_ci 236a8e1175bSopenharmony_ci /* mbedtls_cipher_reset() */ 237a8e1175bSopenharmony_ci TEST_ASSERT(mbedtls_cipher_reset(&invalid_ctx) == 238a8e1175bSopenharmony_ci MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA); 239a8e1175bSopenharmony_ci 240a8e1175bSopenharmony_ci#if defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CHACHAPOLY_C) 241a8e1175bSopenharmony_ci /* mbedtls_cipher_update_ad() */ 242a8e1175bSopenharmony_ci TEST_ASSERT( 243a8e1175bSopenharmony_ci mbedtls_cipher_update_ad(&invalid_ctx, 244a8e1175bSopenharmony_ci valid_buffer, 245a8e1175bSopenharmony_ci valid_size) == 246a8e1175bSopenharmony_ci MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA); 247a8e1175bSopenharmony_ci#endif /* defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CHACHAPOLY_C) */ 248a8e1175bSopenharmony_ci 249a8e1175bSopenharmony_ci#if defined(MBEDTLS_CIPHER_MODE_WITH_PADDING) 250a8e1175bSopenharmony_ci /* mbedtls_cipher_set_padding_mode() */ 251a8e1175bSopenharmony_ci TEST_ASSERT(mbedtls_cipher_set_padding_mode(&invalid_ctx, valid_mode) == 252a8e1175bSopenharmony_ci MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA); 253a8e1175bSopenharmony_ci#endif 254a8e1175bSopenharmony_ci 255a8e1175bSopenharmony_ci /* mbedtls_cipher_update() */ 256a8e1175bSopenharmony_ci TEST_ASSERT( 257a8e1175bSopenharmony_ci mbedtls_cipher_update(&invalid_ctx, 258a8e1175bSopenharmony_ci valid_buffer, 259a8e1175bSopenharmony_ci valid_size, 260a8e1175bSopenharmony_ci valid_buffer, 261a8e1175bSopenharmony_ci &size_t_var) == 262a8e1175bSopenharmony_ci MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA); 263a8e1175bSopenharmony_ci 264a8e1175bSopenharmony_ci /* mbedtls_cipher_finish() */ 265a8e1175bSopenharmony_ci TEST_ASSERT( 266a8e1175bSopenharmony_ci mbedtls_cipher_finish(&invalid_ctx, 267a8e1175bSopenharmony_ci valid_buffer, 268a8e1175bSopenharmony_ci &size_t_var) == 269a8e1175bSopenharmony_ci MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA); 270a8e1175bSopenharmony_ci 271a8e1175bSopenharmony_ci#if defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CHACHAPOLY_C) 272a8e1175bSopenharmony_ci /* mbedtls_cipher_write_tag() */ 273a8e1175bSopenharmony_ci TEST_ASSERT( 274a8e1175bSopenharmony_ci mbedtls_cipher_write_tag(&invalid_ctx, 275a8e1175bSopenharmony_ci valid_buffer, 276a8e1175bSopenharmony_ci valid_size) == 277a8e1175bSopenharmony_ci MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA); 278a8e1175bSopenharmony_ci 279a8e1175bSopenharmony_ci /* mbedtls_cipher_check_tag() */ 280a8e1175bSopenharmony_ci TEST_ASSERT( 281a8e1175bSopenharmony_ci mbedtls_cipher_check_tag(&invalid_ctx, 282a8e1175bSopenharmony_ci valid_buffer, 283a8e1175bSopenharmony_ci valid_size) == 284a8e1175bSopenharmony_ci MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA); 285a8e1175bSopenharmony_ci#endif /* defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CHACHAPOLY_C) */ 286a8e1175bSopenharmony_ci 287a8e1175bSopenharmony_ciexit: 288a8e1175bSopenharmony_ci mbedtls_cipher_free(&invalid_ctx); 289a8e1175bSopenharmony_ci mbedtls_cipher_free(&valid_ctx); 290a8e1175bSopenharmony_ci} 291a8e1175bSopenharmony_ci/* END_CASE */ 292a8e1175bSopenharmony_ci 293a8e1175bSopenharmony_ci/* BEGIN_CASE */ 294a8e1175bSopenharmony_civoid cipher_invalid_param_conditional() 295a8e1175bSopenharmony_ci{ 296a8e1175bSopenharmony_ci mbedtls_cipher_context_t valid_ctx; 297a8e1175bSopenharmony_ci 298a8e1175bSopenharmony_ci mbedtls_operation_t invalid_operation = 100; 299a8e1175bSopenharmony_ci unsigned char valid_buffer[] = { 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07 }; 300a8e1175bSopenharmony_ci int valid_size = sizeof(valid_buffer); 301a8e1175bSopenharmony_ci int valid_bitlen = valid_size * 8; 302a8e1175bSopenharmony_ci 303a8e1175bSopenharmony_ci TEST_EQUAL( 304a8e1175bSopenharmony_ci MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA, 305a8e1175bSopenharmony_ci mbedtls_cipher_setkey(&valid_ctx, 306a8e1175bSopenharmony_ci valid_buffer, 307a8e1175bSopenharmony_ci valid_bitlen, 308a8e1175bSopenharmony_ci invalid_operation)); 309a8e1175bSopenharmony_ci 310a8e1175bSopenharmony_ciexit: 311a8e1175bSopenharmony_ci ; 312a8e1175bSopenharmony_ci} 313a8e1175bSopenharmony_ci/* END_CASE */ 314a8e1175bSopenharmony_ci 315a8e1175bSopenharmony_ci/* BEGIN_CASE depends_on:MBEDTLS_AES_C */ 316a8e1175bSopenharmony_civoid cipher_special_behaviours() 317a8e1175bSopenharmony_ci{ 318a8e1175bSopenharmony_ci const mbedtls_cipher_info_t *cipher_info; 319a8e1175bSopenharmony_ci mbedtls_cipher_context_t ctx; 320a8e1175bSopenharmony_ci unsigned char input[32]; 321a8e1175bSopenharmony_ci unsigned char output[32]; 322a8e1175bSopenharmony_ci#if defined(MBEDTLS_CIPHER_MODE_CBC) 323a8e1175bSopenharmony_ci unsigned char iv[32]; 324a8e1175bSopenharmony_ci#endif 325a8e1175bSopenharmony_ci size_t olen = 0; 326a8e1175bSopenharmony_ci 327a8e1175bSopenharmony_ci mbedtls_cipher_init(&ctx); 328a8e1175bSopenharmony_ci memset(input, 0, sizeof(input)); 329a8e1175bSopenharmony_ci memset(output, 0, sizeof(output)); 330a8e1175bSopenharmony_ci#if defined(MBEDTLS_CIPHER_MODE_CBC) 331a8e1175bSopenharmony_ci memset(iv, 0, sizeof(iv)); 332a8e1175bSopenharmony_ci 333a8e1175bSopenharmony_ci /* Check and get info structures */ 334a8e1175bSopenharmony_ci cipher_info = mbedtls_cipher_info_from_type(MBEDTLS_CIPHER_AES_128_CBC); 335a8e1175bSopenharmony_ci TEST_ASSERT(NULL != cipher_info); 336a8e1175bSopenharmony_ci 337a8e1175bSopenharmony_ci TEST_ASSERT(0 == mbedtls_cipher_setup(&ctx, cipher_info)); 338a8e1175bSopenharmony_ci 339a8e1175bSopenharmony_ci /* IV too big */ 340a8e1175bSopenharmony_ci TEST_ASSERT(mbedtls_cipher_set_iv(&ctx, iv, MBEDTLS_MAX_IV_LENGTH + 1) 341a8e1175bSopenharmony_ci == MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE); 342a8e1175bSopenharmony_ci 343a8e1175bSopenharmony_ci /* IV too small */ 344a8e1175bSopenharmony_ci TEST_ASSERT(mbedtls_cipher_set_iv(&ctx, iv, 0) 345a8e1175bSopenharmony_ci == MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA); 346a8e1175bSopenharmony_ci 347a8e1175bSopenharmony_ci mbedtls_cipher_free(&ctx); 348a8e1175bSopenharmony_ci mbedtls_cipher_init(&ctx); 349a8e1175bSopenharmony_ci#endif /* MBEDTLS_CIPHER_MODE_CBC */ 350a8e1175bSopenharmony_ci cipher_info = mbedtls_cipher_info_from_type(MBEDTLS_CIPHER_AES_128_ECB); 351a8e1175bSopenharmony_ci TEST_ASSERT(NULL != cipher_info); 352a8e1175bSopenharmony_ci 353a8e1175bSopenharmony_ci TEST_ASSERT(0 == mbedtls_cipher_setup(&ctx, cipher_info)); 354a8e1175bSopenharmony_ci 355a8e1175bSopenharmony_ci /* Update ECB with partial block */ 356a8e1175bSopenharmony_ci TEST_ASSERT(mbedtls_cipher_update(&ctx, input, 1, output, &olen) 357a8e1175bSopenharmony_ci == MBEDTLS_ERR_CIPHER_FULL_BLOCK_EXPECTED); 358a8e1175bSopenharmony_ci 359a8e1175bSopenharmony_ciexit: 360a8e1175bSopenharmony_ci mbedtls_cipher_free(&ctx); 361a8e1175bSopenharmony_ci} 362a8e1175bSopenharmony_ci/* END_CASE */ 363a8e1175bSopenharmony_ci 364a8e1175bSopenharmony_ci/* BEGIN_CASE */ 365a8e1175bSopenharmony_civoid enc_dec_buf(int cipher_id, char *cipher_string, int key_len, 366a8e1175bSopenharmony_ci int length_val, int pad_mode) 367a8e1175bSopenharmony_ci{ 368a8e1175bSopenharmony_ci size_t length = length_val, outlen, total_len, i, block_size, iv_len; 369a8e1175bSopenharmony_ci unsigned char key[64]; 370a8e1175bSopenharmony_ci unsigned char iv[16]; 371a8e1175bSopenharmony_ci unsigned char ad[13]; 372a8e1175bSopenharmony_ci unsigned char tag[16]; 373a8e1175bSopenharmony_ci unsigned char inbuf[64]; 374a8e1175bSopenharmony_ci unsigned char encbuf[64]; 375a8e1175bSopenharmony_ci unsigned char decbuf[64]; 376a8e1175bSopenharmony_ci 377a8e1175bSopenharmony_ci const mbedtls_cipher_info_t *cipher_info; 378a8e1175bSopenharmony_ci mbedtls_cipher_context_t ctx_dec; 379a8e1175bSopenharmony_ci mbedtls_cipher_context_t ctx_enc; 380a8e1175bSopenharmony_ci 381a8e1175bSopenharmony_ci /* 382a8e1175bSopenharmony_ci * Prepare contexts 383a8e1175bSopenharmony_ci */ 384a8e1175bSopenharmony_ci mbedtls_cipher_init(&ctx_dec); 385a8e1175bSopenharmony_ci mbedtls_cipher_init(&ctx_enc); 386a8e1175bSopenharmony_ci 387a8e1175bSopenharmony_ci memset(key, 0x2a, sizeof(key)); 388a8e1175bSopenharmony_ci 389a8e1175bSopenharmony_ci /* Check and get info structures */ 390a8e1175bSopenharmony_ci cipher_info = mbedtls_cipher_info_from_type(cipher_id); 391a8e1175bSopenharmony_ci TEST_ASSERT(NULL != cipher_info); 392a8e1175bSopenharmony_ci TEST_ASSERT(mbedtls_cipher_info_from_string(cipher_string) == cipher_info); 393a8e1175bSopenharmony_ci TEST_ASSERT(strcmp(mbedtls_cipher_info_get_name(cipher_info), 394a8e1175bSopenharmony_ci cipher_string) == 0); 395a8e1175bSopenharmony_ci 396a8e1175bSopenharmony_ci /* Initialise enc and dec contexts */ 397a8e1175bSopenharmony_ci TEST_ASSERT(0 == mbedtls_cipher_setup(&ctx_dec, cipher_info)); 398a8e1175bSopenharmony_ci TEST_ASSERT(0 == mbedtls_cipher_setup(&ctx_enc, cipher_info)); 399a8e1175bSopenharmony_ci 400a8e1175bSopenharmony_ci TEST_ASSERT(0 == mbedtls_cipher_setkey(&ctx_dec, key, key_len, MBEDTLS_DECRYPT)); 401a8e1175bSopenharmony_ci TEST_ASSERT(0 == mbedtls_cipher_setkey(&ctx_enc, key, key_len, MBEDTLS_ENCRYPT)); 402a8e1175bSopenharmony_ci 403a8e1175bSopenharmony_ci#if defined(MBEDTLS_CIPHER_MODE_WITH_PADDING) 404a8e1175bSopenharmony_ci if (-1 != pad_mode) { 405a8e1175bSopenharmony_ci TEST_ASSERT(0 == mbedtls_cipher_set_padding_mode(&ctx_dec, pad_mode)); 406a8e1175bSopenharmony_ci TEST_ASSERT(0 == mbedtls_cipher_set_padding_mode(&ctx_enc, pad_mode)); 407a8e1175bSopenharmony_ci } 408a8e1175bSopenharmony_ci#else 409a8e1175bSopenharmony_ci (void) pad_mode; 410a8e1175bSopenharmony_ci#endif /* MBEDTLS_CIPHER_MODE_WITH_PADDING */ 411a8e1175bSopenharmony_ci 412a8e1175bSopenharmony_ci /* 413a8e1175bSopenharmony_ci * Do a few encode/decode cycles 414a8e1175bSopenharmony_ci */ 415a8e1175bSopenharmony_ci for (i = 0; i < 3; i++) { 416a8e1175bSopenharmony_ci memset(iv, 0x00 + i, sizeof(iv)); 417a8e1175bSopenharmony_ci memset(ad, 0x10 + i, sizeof(ad)); 418a8e1175bSopenharmony_ci memset(inbuf, 0x20 + i, sizeof(inbuf)); 419a8e1175bSopenharmony_ci 420a8e1175bSopenharmony_ci memset(encbuf, 0, sizeof(encbuf)); 421a8e1175bSopenharmony_ci memset(decbuf, 0, sizeof(decbuf)); 422a8e1175bSopenharmony_ci memset(tag, 0, sizeof(tag)); 423a8e1175bSopenharmony_ci 424a8e1175bSopenharmony_ci if (NULL != strstr(cipher_info->name, "CCM*-NO-TAG")) { 425a8e1175bSopenharmony_ci iv_len = 13; /* For CCM, IV length is expected to be between 7 and 13 bytes. 426a8e1175bSopenharmony_ci * For CCM*-NO-TAG, IV length must be exactly 13 bytes long. */ 427a8e1175bSopenharmony_ci } else if (cipher_info->type == MBEDTLS_CIPHER_CHACHA20 || 428a8e1175bSopenharmony_ci cipher_info->type == MBEDTLS_CIPHER_CHACHA20_POLY1305) { 429a8e1175bSopenharmony_ci iv_len = 12; 430a8e1175bSopenharmony_ci } else { 431a8e1175bSopenharmony_ci iv_len = sizeof(iv); 432a8e1175bSopenharmony_ci } 433a8e1175bSopenharmony_ci 434a8e1175bSopenharmony_ci TEST_ASSERT(0 == mbedtls_cipher_set_iv(&ctx_dec, iv, iv_len)); 435a8e1175bSopenharmony_ci TEST_ASSERT(0 == mbedtls_cipher_set_iv(&ctx_enc, iv, iv_len)); 436a8e1175bSopenharmony_ci 437a8e1175bSopenharmony_ci TEST_ASSERT(0 == mbedtls_cipher_reset(&ctx_dec)); 438a8e1175bSopenharmony_ci TEST_ASSERT(0 == mbedtls_cipher_reset(&ctx_enc)); 439a8e1175bSopenharmony_ci 440a8e1175bSopenharmony_ci#if defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CHACHAPOLY_C) 441a8e1175bSopenharmony_ci int expected = (cipher_info->mode == MBEDTLS_MODE_GCM || 442a8e1175bSopenharmony_ci cipher_info->type == MBEDTLS_CIPHER_CHACHA20_POLY1305) ? 443a8e1175bSopenharmony_ci 0 : MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE; 444a8e1175bSopenharmony_ci 445a8e1175bSopenharmony_ci TEST_EQUAL(expected, mbedtls_cipher_update_ad(&ctx_dec, ad, sizeof(ad) - i)); 446a8e1175bSopenharmony_ci TEST_EQUAL(expected, mbedtls_cipher_update_ad(&ctx_enc, ad, sizeof(ad) - i)); 447a8e1175bSopenharmony_ci#endif 448a8e1175bSopenharmony_ci 449a8e1175bSopenharmony_ci block_size = mbedtls_cipher_get_block_size(&ctx_enc); 450a8e1175bSopenharmony_ci TEST_ASSERT(block_size != 0); 451a8e1175bSopenharmony_ci 452a8e1175bSopenharmony_ci /* encode length number of bytes from inbuf */ 453a8e1175bSopenharmony_ci TEST_ASSERT(0 == mbedtls_cipher_update(&ctx_enc, inbuf, length, encbuf, &outlen)); 454a8e1175bSopenharmony_ci total_len = outlen; 455a8e1175bSopenharmony_ci 456a8e1175bSopenharmony_ci TEST_ASSERT(total_len == length || 457a8e1175bSopenharmony_ci (total_len % block_size == 0 && 458a8e1175bSopenharmony_ci total_len < length && 459a8e1175bSopenharmony_ci total_len + block_size > length)); 460a8e1175bSopenharmony_ci 461a8e1175bSopenharmony_ci TEST_ASSERT(0 == mbedtls_cipher_finish(&ctx_enc, encbuf + outlen, &outlen)); 462a8e1175bSopenharmony_ci total_len += outlen; 463a8e1175bSopenharmony_ci 464a8e1175bSopenharmony_ci#if defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CHACHAPOLY_C) 465a8e1175bSopenharmony_ci TEST_EQUAL(expected, mbedtls_cipher_write_tag(&ctx_enc, tag, sizeof(tag))); 466a8e1175bSopenharmony_ci#endif 467a8e1175bSopenharmony_ci 468a8e1175bSopenharmony_ci TEST_ASSERT(total_len == length || 469a8e1175bSopenharmony_ci (total_len % block_size == 0 && 470a8e1175bSopenharmony_ci total_len > length && 471a8e1175bSopenharmony_ci total_len <= length + block_size)); 472a8e1175bSopenharmony_ci 473a8e1175bSopenharmony_ci /* decode the previously encoded string */ 474a8e1175bSopenharmony_ci TEST_ASSERT(0 == mbedtls_cipher_update(&ctx_dec, encbuf, total_len, decbuf, &outlen)); 475a8e1175bSopenharmony_ci total_len = outlen; 476a8e1175bSopenharmony_ci 477a8e1175bSopenharmony_ci TEST_ASSERT(total_len == length || 478a8e1175bSopenharmony_ci (total_len % block_size == 0 && 479a8e1175bSopenharmony_ci total_len < length && 480a8e1175bSopenharmony_ci total_len + block_size >= length)); 481a8e1175bSopenharmony_ci 482a8e1175bSopenharmony_ci TEST_ASSERT(0 == mbedtls_cipher_finish(&ctx_dec, decbuf + outlen, &outlen)); 483a8e1175bSopenharmony_ci total_len += outlen; 484a8e1175bSopenharmony_ci 485a8e1175bSopenharmony_ci#if defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CHACHAPOLY_C) 486a8e1175bSopenharmony_ci TEST_EQUAL(expected, mbedtls_cipher_check_tag(&ctx_dec, tag, sizeof(tag))); 487a8e1175bSopenharmony_ci#endif 488a8e1175bSopenharmony_ci 489a8e1175bSopenharmony_ci /* check result */ 490a8e1175bSopenharmony_ci TEST_ASSERT(total_len == length); 491a8e1175bSopenharmony_ci TEST_ASSERT(0 == memcmp(inbuf, decbuf, length)); 492a8e1175bSopenharmony_ci } 493a8e1175bSopenharmony_ci 494a8e1175bSopenharmony_ci /* 495a8e1175bSopenharmony_ci * Done 496a8e1175bSopenharmony_ci */ 497a8e1175bSopenharmony_ciexit: 498a8e1175bSopenharmony_ci mbedtls_cipher_free(&ctx_dec); 499a8e1175bSopenharmony_ci mbedtls_cipher_free(&ctx_enc); 500a8e1175bSopenharmony_ci} 501a8e1175bSopenharmony_ci/* END_CASE */ 502a8e1175bSopenharmony_ci 503a8e1175bSopenharmony_ci/* BEGIN_CASE */ 504a8e1175bSopenharmony_civoid enc_fail(int cipher_id, int pad_mode, int key_len, int length_val, 505a8e1175bSopenharmony_ci int ret) 506a8e1175bSopenharmony_ci{ 507a8e1175bSopenharmony_ci size_t length = length_val; 508a8e1175bSopenharmony_ci unsigned char key[32]; 509a8e1175bSopenharmony_ci unsigned char iv[16]; 510a8e1175bSopenharmony_ci 511a8e1175bSopenharmony_ci const mbedtls_cipher_info_t *cipher_info; 512a8e1175bSopenharmony_ci mbedtls_cipher_context_t ctx; 513a8e1175bSopenharmony_ci 514a8e1175bSopenharmony_ci unsigned char inbuf[64]; 515a8e1175bSopenharmony_ci unsigned char encbuf[64]; 516a8e1175bSopenharmony_ci 517a8e1175bSopenharmony_ci size_t outlen = 0; 518a8e1175bSopenharmony_ci 519a8e1175bSopenharmony_ci memset(key, 0, 32); 520a8e1175bSopenharmony_ci memset(iv, 0, 16); 521a8e1175bSopenharmony_ci 522a8e1175bSopenharmony_ci mbedtls_cipher_init(&ctx); 523a8e1175bSopenharmony_ci 524a8e1175bSopenharmony_ci memset(inbuf, 5, 64); 525a8e1175bSopenharmony_ci memset(encbuf, 0, 64); 526a8e1175bSopenharmony_ci 527a8e1175bSopenharmony_ci /* Check and get info structures */ 528a8e1175bSopenharmony_ci cipher_info = mbedtls_cipher_info_from_type(cipher_id); 529a8e1175bSopenharmony_ci TEST_ASSERT(NULL != cipher_info); 530a8e1175bSopenharmony_ci 531a8e1175bSopenharmony_ci /* Initialise context */ 532a8e1175bSopenharmony_ci TEST_ASSERT(0 == mbedtls_cipher_setup(&ctx, cipher_info)); 533a8e1175bSopenharmony_ci TEST_ASSERT(0 == mbedtls_cipher_setkey(&ctx, key, key_len, MBEDTLS_ENCRYPT)); 534a8e1175bSopenharmony_ci#if defined(MBEDTLS_CIPHER_MODE_WITH_PADDING) 535a8e1175bSopenharmony_ci TEST_ASSERT(0 == mbedtls_cipher_set_padding_mode(&ctx, pad_mode)); 536a8e1175bSopenharmony_ci#else 537a8e1175bSopenharmony_ci (void) pad_mode; 538a8e1175bSopenharmony_ci#endif /* MBEDTLS_CIPHER_MODE_WITH_PADDING */ 539a8e1175bSopenharmony_ci TEST_ASSERT(0 == mbedtls_cipher_set_iv(&ctx, iv, 16)); 540a8e1175bSopenharmony_ci TEST_ASSERT(0 == mbedtls_cipher_reset(&ctx)); 541a8e1175bSopenharmony_ci#if defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CHACHAPOLY_C) 542a8e1175bSopenharmony_ci int expected = (cipher_info->mode == MBEDTLS_MODE_GCM || 543a8e1175bSopenharmony_ci cipher_info->type == MBEDTLS_CIPHER_CHACHA20_POLY1305) ? 544a8e1175bSopenharmony_ci 0 : MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE; 545a8e1175bSopenharmony_ci 546a8e1175bSopenharmony_ci TEST_EQUAL(expected, mbedtls_cipher_update_ad(&ctx, NULL, 0)); 547a8e1175bSopenharmony_ci#endif 548a8e1175bSopenharmony_ci 549a8e1175bSopenharmony_ci /* encode length number of bytes from inbuf */ 550a8e1175bSopenharmony_ci TEST_ASSERT(0 == mbedtls_cipher_update(&ctx, inbuf, length, encbuf, &outlen)); 551a8e1175bSopenharmony_ci TEST_ASSERT(ret == mbedtls_cipher_finish(&ctx, encbuf + outlen, &outlen)); 552a8e1175bSopenharmony_ci 553a8e1175bSopenharmony_ci /* done */ 554a8e1175bSopenharmony_ciexit: 555a8e1175bSopenharmony_ci mbedtls_cipher_free(&ctx); 556a8e1175bSopenharmony_ci} 557a8e1175bSopenharmony_ci/* END_CASE */ 558a8e1175bSopenharmony_ci 559a8e1175bSopenharmony_ci/* BEGIN_CASE */ 560a8e1175bSopenharmony_civoid dec_empty_buf(int cipher, 561a8e1175bSopenharmony_ci int expected_update_ret, 562a8e1175bSopenharmony_ci int expected_finish_ret) 563a8e1175bSopenharmony_ci{ 564a8e1175bSopenharmony_ci unsigned char key[32]; 565a8e1175bSopenharmony_ci 566a8e1175bSopenharmony_ci unsigned char *iv = NULL; 567a8e1175bSopenharmony_ci size_t iv_len = 16; 568a8e1175bSopenharmony_ci 569a8e1175bSopenharmony_ci mbedtls_cipher_context_t ctx_dec; 570a8e1175bSopenharmony_ci const mbedtls_cipher_info_t *cipher_info; 571a8e1175bSopenharmony_ci 572a8e1175bSopenharmony_ci unsigned char encbuf[64]; 573a8e1175bSopenharmony_ci unsigned char decbuf[64]; 574a8e1175bSopenharmony_ci 575a8e1175bSopenharmony_ci size_t outlen = 0; 576a8e1175bSopenharmony_ci 577a8e1175bSopenharmony_ci memset(key, 0, 32); 578a8e1175bSopenharmony_ci 579a8e1175bSopenharmony_ci mbedtls_cipher_init(&ctx_dec); 580a8e1175bSopenharmony_ci 581a8e1175bSopenharmony_ci memset(encbuf, 0, 64); 582a8e1175bSopenharmony_ci memset(decbuf, 0, 64); 583a8e1175bSopenharmony_ci 584a8e1175bSopenharmony_ci /* Initialise context */ 585a8e1175bSopenharmony_ci cipher_info = mbedtls_cipher_info_from_type(cipher); 586a8e1175bSopenharmony_ci TEST_ASSERT(NULL != cipher_info); 587a8e1175bSopenharmony_ci 588a8e1175bSopenharmony_ci if (cipher_info->type == MBEDTLS_CIPHER_CHACHA20 || 589a8e1175bSopenharmony_ci cipher_info->type == MBEDTLS_CIPHER_CHACHA20_POLY1305) { 590a8e1175bSopenharmony_ci iv_len = 12; 591a8e1175bSopenharmony_ci } 592a8e1175bSopenharmony_ci 593a8e1175bSopenharmony_ci TEST_CALLOC(iv, iv_len); 594a8e1175bSopenharmony_ci memset(iv, 0, iv_len); 595a8e1175bSopenharmony_ci 596a8e1175bSopenharmony_ci TEST_ASSERT(sizeof(key) * 8 >= mbedtls_cipher_info_get_key_bitlen(cipher_info)); 597a8e1175bSopenharmony_ci 598a8e1175bSopenharmony_ci TEST_ASSERT(0 == mbedtls_cipher_setup(&ctx_dec, cipher_info)); 599a8e1175bSopenharmony_ci 600a8e1175bSopenharmony_ci TEST_ASSERT(0 == mbedtls_cipher_setkey(&ctx_dec, 601a8e1175bSopenharmony_ci key, mbedtls_cipher_info_get_key_bitlen(cipher_info), 602a8e1175bSopenharmony_ci MBEDTLS_DECRYPT)); 603a8e1175bSopenharmony_ci 604a8e1175bSopenharmony_ci TEST_ASSERT(0 == mbedtls_cipher_set_iv(&ctx_dec, iv, iv_len)); 605a8e1175bSopenharmony_ci 606a8e1175bSopenharmony_ci TEST_ASSERT(0 == mbedtls_cipher_reset(&ctx_dec)); 607a8e1175bSopenharmony_ci 608a8e1175bSopenharmony_ci#if defined(MBEDTLS_CIPHER_MODE_WITH_PADDING) && defined(MBEDTLS_CIPHER_PADDING_PKCS7) 609a8e1175bSopenharmony_ci if (ctx_dec.cipher_info->mode == MBEDTLS_MODE_CBC) { 610a8e1175bSopenharmony_ci TEST_ASSERT(0 == mbedtls_cipher_set_padding_mode(&ctx_dec, 611a8e1175bSopenharmony_ci MBEDTLS_PADDING_PKCS7)); 612a8e1175bSopenharmony_ci } 613a8e1175bSopenharmony_ci#endif 614a8e1175bSopenharmony_ci 615a8e1175bSopenharmony_ci#if defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CHACHAPOLY_C) 616a8e1175bSopenharmony_ci int expected = (cipher_info->mode == MBEDTLS_MODE_GCM || 617a8e1175bSopenharmony_ci cipher_info->type == MBEDTLS_CIPHER_CHACHA20_POLY1305) ? 618a8e1175bSopenharmony_ci 0 : MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE; 619a8e1175bSopenharmony_ci 620a8e1175bSopenharmony_ci TEST_EQUAL(expected, mbedtls_cipher_update_ad(&ctx_dec, NULL, 0)); 621a8e1175bSopenharmony_ci#endif 622a8e1175bSopenharmony_ci 623a8e1175bSopenharmony_ci /* decode 0-byte string */ 624a8e1175bSopenharmony_ci TEST_ASSERT(expected_update_ret == 625a8e1175bSopenharmony_ci mbedtls_cipher_update(&ctx_dec, encbuf, 0, decbuf, &outlen)); 626a8e1175bSopenharmony_ci TEST_ASSERT(0 == outlen); 627a8e1175bSopenharmony_ci 628a8e1175bSopenharmony_ci if (expected_finish_ret == 0 && 629a8e1175bSopenharmony_ci (cipher_info->mode == MBEDTLS_MODE_CBC || 630a8e1175bSopenharmony_ci cipher_info->mode == MBEDTLS_MODE_ECB)) { 631a8e1175bSopenharmony_ci /* Non-CBC and non-ECB ciphers are OK with decrypting empty buffers and 632a8e1175bSopenharmony_ci * return success, not MBEDTLS_ERR_CIPHER_FULL_BLOCK_EXPECTED, when 633a8e1175bSopenharmony_ci * decrypting an empty buffer. 634a8e1175bSopenharmony_ci * On the other hand, CBC and ECB ciphers need a full block of input. 635a8e1175bSopenharmony_ci */ 636a8e1175bSopenharmony_ci expected_finish_ret = MBEDTLS_ERR_CIPHER_FULL_BLOCK_EXPECTED; 637a8e1175bSopenharmony_ci } 638a8e1175bSopenharmony_ci 639a8e1175bSopenharmony_ci TEST_ASSERT(expected_finish_ret == mbedtls_cipher_finish( 640a8e1175bSopenharmony_ci &ctx_dec, decbuf + outlen, &outlen)); 641a8e1175bSopenharmony_ci TEST_ASSERT(0 == outlen); 642a8e1175bSopenharmony_ci 643a8e1175bSopenharmony_ciexit: 644a8e1175bSopenharmony_ci mbedtls_free(iv); 645a8e1175bSopenharmony_ci mbedtls_cipher_free(&ctx_dec); 646a8e1175bSopenharmony_ci} 647a8e1175bSopenharmony_ci/* END_CASE */ 648a8e1175bSopenharmony_ci 649a8e1175bSopenharmony_ci/* BEGIN_CASE */ 650a8e1175bSopenharmony_civoid enc_dec_buf_multipart(int cipher_id, int key_len, int first_length_val, 651a8e1175bSopenharmony_ci int second_length_val, int pad_mode, 652a8e1175bSopenharmony_ci int first_encrypt_output_len, int second_encrypt_output_len, 653a8e1175bSopenharmony_ci int first_decrypt_output_len, int second_decrypt_output_len) 654a8e1175bSopenharmony_ci{ 655a8e1175bSopenharmony_ci size_t first_length = first_length_val; 656a8e1175bSopenharmony_ci size_t second_length = second_length_val; 657a8e1175bSopenharmony_ci size_t length = first_length + second_length; 658a8e1175bSopenharmony_ci size_t block_size; 659a8e1175bSopenharmony_ci size_t iv_len; 660a8e1175bSopenharmony_ci unsigned char key[32]; 661a8e1175bSopenharmony_ci unsigned char iv[16]; 662a8e1175bSopenharmony_ci 663a8e1175bSopenharmony_ci mbedtls_cipher_context_t ctx_dec; 664a8e1175bSopenharmony_ci mbedtls_cipher_context_t ctx_enc; 665a8e1175bSopenharmony_ci const mbedtls_cipher_info_t *cipher_info; 666a8e1175bSopenharmony_ci 667a8e1175bSopenharmony_ci unsigned char inbuf[64]; 668a8e1175bSopenharmony_ci unsigned char encbuf[64]; 669a8e1175bSopenharmony_ci unsigned char decbuf[64]; 670a8e1175bSopenharmony_ci 671a8e1175bSopenharmony_ci size_t outlen = 0; 672a8e1175bSopenharmony_ci size_t totaloutlen = 0; 673a8e1175bSopenharmony_ci 674a8e1175bSopenharmony_ci memset(key, 0, 32); 675a8e1175bSopenharmony_ci memset(iv, 0, 16); 676a8e1175bSopenharmony_ci 677a8e1175bSopenharmony_ci mbedtls_cipher_init(&ctx_dec); 678a8e1175bSopenharmony_ci mbedtls_cipher_init(&ctx_enc); 679a8e1175bSopenharmony_ci 680a8e1175bSopenharmony_ci memset(inbuf, 5, 64); 681a8e1175bSopenharmony_ci memset(encbuf, 0, 64); 682a8e1175bSopenharmony_ci memset(decbuf, 0, 64); 683a8e1175bSopenharmony_ci 684a8e1175bSopenharmony_ci /* Initialise enc and dec contexts */ 685a8e1175bSopenharmony_ci cipher_info = mbedtls_cipher_info_from_type(cipher_id); 686a8e1175bSopenharmony_ci TEST_ASSERT(NULL != cipher_info); 687a8e1175bSopenharmony_ci 688a8e1175bSopenharmony_ci TEST_ASSERT(0 == mbedtls_cipher_setup(&ctx_dec, cipher_info)); 689a8e1175bSopenharmony_ci TEST_ASSERT(0 == mbedtls_cipher_setup(&ctx_enc, cipher_info)); 690a8e1175bSopenharmony_ci 691a8e1175bSopenharmony_ci TEST_ASSERT(0 == mbedtls_cipher_setkey(&ctx_dec, key, key_len, MBEDTLS_DECRYPT)); 692a8e1175bSopenharmony_ci TEST_ASSERT(0 == mbedtls_cipher_setkey(&ctx_enc, key, key_len, MBEDTLS_ENCRYPT)); 693a8e1175bSopenharmony_ci 694a8e1175bSopenharmony_ci#if defined(MBEDTLS_CIPHER_MODE_WITH_PADDING) 695a8e1175bSopenharmony_ci if (-1 != pad_mode) { 696a8e1175bSopenharmony_ci TEST_ASSERT(0 == mbedtls_cipher_set_padding_mode(&ctx_dec, pad_mode)); 697a8e1175bSopenharmony_ci TEST_ASSERT(0 == mbedtls_cipher_set_padding_mode(&ctx_enc, pad_mode)); 698a8e1175bSopenharmony_ci } 699a8e1175bSopenharmony_ci#else 700a8e1175bSopenharmony_ci (void) pad_mode; 701a8e1175bSopenharmony_ci#endif /* MBEDTLS_CIPHER_MODE_WITH_PADDING */ 702a8e1175bSopenharmony_ci 703a8e1175bSopenharmony_ci if (NULL != strstr(cipher_info->name, "CCM*-NO-TAG")) { 704a8e1175bSopenharmony_ci iv_len = 13; /* For CCM, IV length is expected to be between 7 and 13 bytes. 705a8e1175bSopenharmony_ci * For CCM*-NO-TAG, IV length must be exactly 13 bytes long. */ 706a8e1175bSopenharmony_ci } else if (cipher_info->type == MBEDTLS_CIPHER_CHACHA20 || 707a8e1175bSopenharmony_ci cipher_info->type == MBEDTLS_CIPHER_CHACHA20_POLY1305) { 708a8e1175bSopenharmony_ci iv_len = 12; 709a8e1175bSopenharmony_ci } else { 710a8e1175bSopenharmony_ci iv_len = sizeof(iv); 711a8e1175bSopenharmony_ci } 712a8e1175bSopenharmony_ci 713a8e1175bSopenharmony_ci TEST_ASSERT(0 == mbedtls_cipher_set_iv(&ctx_dec, iv, iv_len)); 714a8e1175bSopenharmony_ci TEST_ASSERT(0 == mbedtls_cipher_set_iv(&ctx_enc, iv, iv_len)); 715a8e1175bSopenharmony_ci 716a8e1175bSopenharmony_ci TEST_ASSERT(0 == mbedtls_cipher_reset(&ctx_dec)); 717a8e1175bSopenharmony_ci TEST_ASSERT(0 == mbedtls_cipher_reset(&ctx_enc)); 718a8e1175bSopenharmony_ci 719a8e1175bSopenharmony_ci#if defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CHACHAPOLY_C) 720a8e1175bSopenharmony_ci int expected = (cipher_info->mode == MBEDTLS_MODE_GCM || 721a8e1175bSopenharmony_ci cipher_info->type == MBEDTLS_CIPHER_CHACHA20_POLY1305) ? 722a8e1175bSopenharmony_ci 0 : MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE; 723a8e1175bSopenharmony_ci 724a8e1175bSopenharmony_ci TEST_EQUAL(expected, mbedtls_cipher_update_ad(&ctx_dec, NULL, 0)); 725a8e1175bSopenharmony_ci TEST_EQUAL(expected, mbedtls_cipher_update_ad(&ctx_enc, NULL, 0)); 726a8e1175bSopenharmony_ci#endif 727a8e1175bSopenharmony_ci 728a8e1175bSopenharmony_ci block_size = mbedtls_cipher_get_block_size(&ctx_enc); 729a8e1175bSopenharmony_ci TEST_ASSERT(block_size != 0); 730a8e1175bSopenharmony_ci 731a8e1175bSopenharmony_ci /* encode length number of bytes from inbuf */ 732a8e1175bSopenharmony_ci TEST_ASSERT(0 == mbedtls_cipher_update(&ctx_enc, inbuf, first_length, encbuf, &outlen)); 733a8e1175bSopenharmony_ci TEST_ASSERT((size_t) first_encrypt_output_len == outlen); 734a8e1175bSopenharmony_ci totaloutlen = outlen; 735a8e1175bSopenharmony_ci TEST_ASSERT(0 == 736a8e1175bSopenharmony_ci mbedtls_cipher_update(&ctx_enc, inbuf + first_length, second_length, 737a8e1175bSopenharmony_ci encbuf + totaloutlen, 738a8e1175bSopenharmony_ci &outlen)); 739a8e1175bSopenharmony_ci TEST_ASSERT((size_t) second_encrypt_output_len == outlen); 740a8e1175bSopenharmony_ci totaloutlen += outlen; 741a8e1175bSopenharmony_ci TEST_ASSERT(totaloutlen == length || 742a8e1175bSopenharmony_ci (totaloutlen % block_size == 0 && 743a8e1175bSopenharmony_ci totaloutlen < length && 744a8e1175bSopenharmony_ci totaloutlen + block_size > length)); 745a8e1175bSopenharmony_ci 746a8e1175bSopenharmony_ci TEST_ASSERT(0 == mbedtls_cipher_finish(&ctx_enc, encbuf + totaloutlen, &outlen)); 747a8e1175bSopenharmony_ci totaloutlen += outlen; 748a8e1175bSopenharmony_ci TEST_ASSERT(totaloutlen == length || 749a8e1175bSopenharmony_ci (totaloutlen % block_size == 0 && 750a8e1175bSopenharmony_ci totaloutlen > length && 751a8e1175bSopenharmony_ci totaloutlen <= length + block_size)); 752a8e1175bSopenharmony_ci 753a8e1175bSopenharmony_ci /* decode the previously encoded string */ 754a8e1175bSopenharmony_ci second_length = totaloutlen - first_length; 755a8e1175bSopenharmony_ci TEST_ASSERT(0 == mbedtls_cipher_update(&ctx_dec, encbuf, first_length, decbuf, &outlen)); 756a8e1175bSopenharmony_ci TEST_ASSERT((size_t) first_decrypt_output_len == outlen); 757a8e1175bSopenharmony_ci totaloutlen = outlen; 758a8e1175bSopenharmony_ci TEST_ASSERT(0 == 759a8e1175bSopenharmony_ci mbedtls_cipher_update(&ctx_dec, encbuf + first_length, second_length, 760a8e1175bSopenharmony_ci decbuf + totaloutlen, 761a8e1175bSopenharmony_ci &outlen)); 762a8e1175bSopenharmony_ci TEST_ASSERT((size_t) second_decrypt_output_len == outlen); 763a8e1175bSopenharmony_ci totaloutlen += outlen; 764a8e1175bSopenharmony_ci 765a8e1175bSopenharmony_ci TEST_ASSERT(totaloutlen == length || 766a8e1175bSopenharmony_ci (totaloutlen % block_size == 0 && 767a8e1175bSopenharmony_ci totaloutlen < length && 768a8e1175bSopenharmony_ci totaloutlen + block_size >= length)); 769a8e1175bSopenharmony_ci 770a8e1175bSopenharmony_ci TEST_ASSERT(0 == mbedtls_cipher_finish(&ctx_dec, decbuf + totaloutlen, &outlen)); 771a8e1175bSopenharmony_ci totaloutlen += outlen; 772a8e1175bSopenharmony_ci 773a8e1175bSopenharmony_ci TEST_ASSERT(totaloutlen == length); 774a8e1175bSopenharmony_ci 775a8e1175bSopenharmony_ci TEST_ASSERT(0 == memcmp(inbuf, decbuf, length)); 776a8e1175bSopenharmony_ci 777a8e1175bSopenharmony_ciexit: 778a8e1175bSopenharmony_ci mbedtls_cipher_free(&ctx_dec); 779a8e1175bSopenharmony_ci mbedtls_cipher_free(&ctx_enc); 780a8e1175bSopenharmony_ci} 781a8e1175bSopenharmony_ci/* END_CASE */ 782a8e1175bSopenharmony_ci 783a8e1175bSopenharmony_ci/* BEGIN_CASE */ 784a8e1175bSopenharmony_civoid decrypt_test_vec(int cipher_id, int pad_mode, data_t *key, 785a8e1175bSopenharmony_ci data_t *iv, data_t *cipher, 786a8e1175bSopenharmony_ci data_t *clear, data_t *ad, data_t *tag, 787a8e1175bSopenharmony_ci int finish_result, int tag_result) 788a8e1175bSopenharmony_ci{ 789a8e1175bSopenharmony_ci unsigned char output[265]; 790a8e1175bSopenharmony_ci mbedtls_cipher_context_t ctx; 791a8e1175bSopenharmony_ci size_t outlen, total_len; 792a8e1175bSopenharmony_ci 793a8e1175bSopenharmony_ci mbedtls_cipher_init(&ctx); 794a8e1175bSopenharmony_ci 795a8e1175bSopenharmony_ci memset(output, 0x00, sizeof(output)); 796a8e1175bSopenharmony_ci 797a8e1175bSopenharmony_ci#if !defined(MBEDTLS_GCM_C) && !defined(MBEDTLS_CHACHAPOLY_C) 798a8e1175bSopenharmony_ci ((void) ad); 799a8e1175bSopenharmony_ci ((void) tag); 800a8e1175bSopenharmony_ci#endif 801a8e1175bSopenharmony_ci 802a8e1175bSopenharmony_ci /* Prepare context */ 803a8e1175bSopenharmony_ci TEST_ASSERT(0 == mbedtls_cipher_setup(&ctx, 804a8e1175bSopenharmony_ci mbedtls_cipher_info_from_type(cipher_id))); 805a8e1175bSopenharmony_ci TEST_ASSERT(0 == mbedtls_cipher_setkey(&ctx, key->x, 8 * key->len, MBEDTLS_DECRYPT)); 806a8e1175bSopenharmony_ci#if defined(MBEDTLS_CIPHER_MODE_WITH_PADDING) 807a8e1175bSopenharmony_ci if (pad_mode != -1) { 808a8e1175bSopenharmony_ci TEST_ASSERT(0 == mbedtls_cipher_set_padding_mode(&ctx, pad_mode)); 809a8e1175bSopenharmony_ci } 810a8e1175bSopenharmony_ci#else 811a8e1175bSopenharmony_ci (void) pad_mode; 812a8e1175bSopenharmony_ci#endif /* MBEDTLS_CIPHER_MODE_WITH_PADDING */ 813a8e1175bSopenharmony_ci TEST_ASSERT(0 == mbedtls_cipher_set_iv(&ctx, iv->x, iv->len)); 814a8e1175bSopenharmony_ci TEST_ASSERT(0 == mbedtls_cipher_reset(&ctx)); 815a8e1175bSopenharmony_ci#if defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CHACHAPOLY_C) 816a8e1175bSopenharmony_ci int expected = (ctx.cipher_info->mode == MBEDTLS_MODE_GCM || 817a8e1175bSopenharmony_ci ctx.cipher_info->type == MBEDTLS_CIPHER_CHACHA20_POLY1305) ? 818a8e1175bSopenharmony_ci 0 : MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE; 819a8e1175bSopenharmony_ci 820a8e1175bSopenharmony_ci TEST_EQUAL(expected, mbedtls_cipher_update_ad(&ctx, ad->x, ad->len)); 821a8e1175bSopenharmony_ci#endif 822a8e1175bSopenharmony_ci 823a8e1175bSopenharmony_ci /* decode buffer and check tag->x */ 824a8e1175bSopenharmony_ci total_len = 0; 825a8e1175bSopenharmony_ci TEST_ASSERT(0 == mbedtls_cipher_update(&ctx, cipher->x, cipher->len, output, &outlen)); 826a8e1175bSopenharmony_ci total_len += outlen; 827a8e1175bSopenharmony_ci TEST_ASSERT(finish_result == mbedtls_cipher_finish(&ctx, output + outlen, 828a8e1175bSopenharmony_ci &outlen)); 829a8e1175bSopenharmony_ci total_len += outlen; 830a8e1175bSopenharmony_ci#if defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CHACHAPOLY_C) 831a8e1175bSopenharmony_ci int tag_expected = (ctx.cipher_info->mode == MBEDTLS_MODE_GCM || 832a8e1175bSopenharmony_ci ctx.cipher_info->type == MBEDTLS_CIPHER_CHACHA20_POLY1305) ? 833a8e1175bSopenharmony_ci tag_result : MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE; 834a8e1175bSopenharmony_ci 835a8e1175bSopenharmony_ci TEST_EQUAL(tag_expected, mbedtls_cipher_check_tag(&ctx, tag->x, tag->len)); 836a8e1175bSopenharmony_ci#endif 837a8e1175bSopenharmony_ci 838a8e1175bSopenharmony_ci /* check plaintext only if everything went fine */ 839a8e1175bSopenharmony_ci if (0 == finish_result && 0 == tag_result) { 840a8e1175bSopenharmony_ci TEST_ASSERT(total_len == clear->len); 841a8e1175bSopenharmony_ci TEST_ASSERT(0 == memcmp(output, clear->x, clear->len)); 842a8e1175bSopenharmony_ci } 843a8e1175bSopenharmony_ci 844a8e1175bSopenharmony_ciexit: 845a8e1175bSopenharmony_ci mbedtls_cipher_free(&ctx); 846a8e1175bSopenharmony_ci} 847a8e1175bSopenharmony_ci/* END_CASE */ 848a8e1175bSopenharmony_ci 849a8e1175bSopenharmony_ci/* BEGIN_CASE depends_on:MBEDTLS_CIPHER_MODE_AEAD */ 850a8e1175bSopenharmony_civoid auth_crypt_tv(int cipher_id, data_t *key, data_t *iv, 851a8e1175bSopenharmony_ci data_t *ad, data_t *cipher, data_t *tag, 852a8e1175bSopenharmony_ci char *result, data_t *clear, int use_psa) 853a8e1175bSopenharmony_ci{ 854a8e1175bSopenharmony_ci /* 855a8e1175bSopenharmony_ci * Take an AEAD ciphertext + tag and perform a pair 856a8e1175bSopenharmony_ci * of AEAD decryption and AEAD encryption. Check that 857a8e1175bSopenharmony_ci * this results in the expected plaintext, and that 858a8e1175bSopenharmony_ci * decryption and encryption are inverse to one another. 859a8e1175bSopenharmony_ci */ 860a8e1175bSopenharmony_ci 861a8e1175bSopenharmony_ci int ret; 862a8e1175bSopenharmony_ci int using_nist_kw, using_nist_kw_padding; 863a8e1175bSopenharmony_ci 864a8e1175bSopenharmony_ci mbedtls_cipher_context_t ctx; 865a8e1175bSopenharmony_ci size_t outlen; 866a8e1175bSopenharmony_ci 867a8e1175bSopenharmony_ci unsigned char *cipher_plus_tag = NULL; 868a8e1175bSopenharmony_ci size_t cipher_plus_tag_len; 869a8e1175bSopenharmony_ci unsigned char *decrypt_buf = NULL; 870a8e1175bSopenharmony_ci size_t decrypt_buf_len = 0; 871a8e1175bSopenharmony_ci unsigned char *encrypt_buf = NULL; 872a8e1175bSopenharmony_ci size_t encrypt_buf_len = 0; 873a8e1175bSopenharmony_ci 874a8e1175bSopenharmony_ci /* Null pointers are documented as valid for inputs of length 0. 875a8e1175bSopenharmony_ci * The test framework passes non-null pointers, so set them to NULL. 876a8e1175bSopenharmony_ci * key, cipher and tag can't be empty. */ 877a8e1175bSopenharmony_ci if (iv->len == 0) { 878a8e1175bSopenharmony_ci iv->x = NULL; 879a8e1175bSopenharmony_ci } 880a8e1175bSopenharmony_ci if (ad->len == 0) { 881a8e1175bSopenharmony_ci ad->x = NULL; 882a8e1175bSopenharmony_ci } 883a8e1175bSopenharmony_ci if (clear->len == 0) { 884a8e1175bSopenharmony_ci clear->x = NULL; 885a8e1175bSopenharmony_ci } 886a8e1175bSopenharmony_ci 887a8e1175bSopenharmony_ci mbedtls_cipher_init(&ctx); 888a8e1175bSopenharmony_ci 889a8e1175bSopenharmony_ci /* Initialize PSA Crypto */ 890a8e1175bSopenharmony_ci#if defined(MBEDTLS_USE_PSA_CRYPTO) 891a8e1175bSopenharmony_ci if (use_psa == 1) { 892a8e1175bSopenharmony_ci PSA_ASSERT(psa_crypto_init()); 893a8e1175bSopenharmony_ci } 894a8e1175bSopenharmony_ci#else 895a8e1175bSopenharmony_ci (void) use_psa; 896a8e1175bSopenharmony_ci#endif 897a8e1175bSopenharmony_ci 898a8e1175bSopenharmony_ci /* 899a8e1175bSopenharmony_ci * Are we using NIST_KW? with padding? 900a8e1175bSopenharmony_ci */ 901a8e1175bSopenharmony_ci using_nist_kw_padding = cipher_id == MBEDTLS_CIPHER_AES_128_KWP || 902a8e1175bSopenharmony_ci cipher_id == MBEDTLS_CIPHER_AES_192_KWP || 903a8e1175bSopenharmony_ci cipher_id == MBEDTLS_CIPHER_AES_256_KWP; 904a8e1175bSopenharmony_ci using_nist_kw = cipher_id == MBEDTLS_CIPHER_AES_128_KW || 905a8e1175bSopenharmony_ci cipher_id == MBEDTLS_CIPHER_AES_192_KW || 906a8e1175bSopenharmony_ci cipher_id == MBEDTLS_CIPHER_AES_256_KW || 907a8e1175bSopenharmony_ci using_nist_kw_padding; 908a8e1175bSopenharmony_ci 909a8e1175bSopenharmony_ci /* 910a8e1175bSopenharmony_ci * Prepare context for decryption 911a8e1175bSopenharmony_ci */ 912a8e1175bSopenharmony_ci if (!cipher_reset_key(&ctx, cipher_id, use_psa, tag->len, key, 913a8e1175bSopenharmony_ci MBEDTLS_DECRYPT)) { 914a8e1175bSopenharmony_ci goto exit; 915a8e1175bSopenharmony_ci } 916a8e1175bSopenharmony_ci 917a8e1175bSopenharmony_ci /* 918a8e1175bSopenharmony_ci * prepare buffer for decryption 919a8e1175bSopenharmony_ci * (we need the tag appended to the ciphertext) 920a8e1175bSopenharmony_ci */ 921a8e1175bSopenharmony_ci cipher_plus_tag_len = cipher->len + tag->len; 922a8e1175bSopenharmony_ci TEST_CALLOC(cipher_plus_tag, cipher_plus_tag_len); 923a8e1175bSopenharmony_ci memcpy(cipher_plus_tag, cipher->x, cipher->len); 924a8e1175bSopenharmony_ci memcpy(cipher_plus_tag + cipher->len, tag->x, tag->len); 925a8e1175bSopenharmony_ci 926a8e1175bSopenharmony_ci /* 927a8e1175bSopenharmony_ci * Compute length of output buffer according to the documentation 928a8e1175bSopenharmony_ci */ 929a8e1175bSopenharmony_ci if (using_nist_kw) { 930a8e1175bSopenharmony_ci decrypt_buf_len = cipher_plus_tag_len - 8; 931a8e1175bSopenharmony_ci } else { 932a8e1175bSopenharmony_ci decrypt_buf_len = cipher_plus_tag_len - tag->len; 933a8e1175bSopenharmony_ci } 934a8e1175bSopenharmony_ci 935a8e1175bSopenharmony_ci 936a8e1175bSopenharmony_ci /* 937a8e1175bSopenharmony_ci * Try decrypting to a buffer that's 1B too small 938a8e1175bSopenharmony_ci */ 939a8e1175bSopenharmony_ci if (decrypt_buf_len != 0) { 940a8e1175bSopenharmony_ci TEST_CALLOC(decrypt_buf, decrypt_buf_len - 1); 941a8e1175bSopenharmony_ci 942a8e1175bSopenharmony_ci outlen = 0; 943a8e1175bSopenharmony_ci ret = mbedtls_cipher_auth_decrypt_ext(&ctx, iv->x, iv->len, 944a8e1175bSopenharmony_ci ad->x, ad->len, cipher_plus_tag, cipher_plus_tag_len, 945a8e1175bSopenharmony_ci decrypt_buf, decrypt_buf_len - 1, &outlen, tag->len); 946a8e1175bSopenharmony_ci TEST_ASSERT(ret == MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA); 947a8e1175bSopenharmony_ci 948a8e1175bSopenharmony_ci mbedtls_free(decrypt_buf); 949a8e1175bSopenharmony_ci decrypt_buf = NULL; 950a8e1175bSopenharmony_ci } 951a8e1175bSopenharmony_ci 952a8e1175bSopenharmony_ci /* 953a8e1175bSopenharmony_ci * Authenticate and decrypt, and check result 954a8e1175bSopenharmony_ci */ 955a8e1175bSopenharmony_ci TEST_CALLOC(decrypt_buf, decrypt_buf_len); 956a8e1175bSopenharmony_ci 957a8e1175bSopenharmony_ci outlen = 0; 958a8e1175bSopenharmony_ci ret = mbedtls_cipher_auth_decrypt_ext(&ctx, iv->x, iv->len, 959a8e1175bSopenharmony_ci ad->x, ad->len, cipher_plus_tag, cipher_plus_tag_len, 960a8e1175bSopenharmony_ci decrypt_buf, decrypt_buf_len, &outlen, tag->len); 961a8e1175bSopenharmony_ci 962a8e1175bSopenharmony_ci if (strcmp(result, "FAIL") == 0) { 963a8e1175bSopenharmony_ci TEST_ASSERT(ret == MBEDTLS_ERR_CIPHER_AUTH_FAILED); 964a8e1175bSopenharmony_ci TEST_ASSERT(buffer_is_all_zero(decrypt_buf, decrypt_buf_len)); 965a8e1175bSopenharmony_ci } else { 966a8e1175bSopenharmony_ci TEST_ASSERT(ret == 0); 967a8e1175bSopenharmony_ci TEST_MEMORY_COMPARE(decrypt_buf, outlen, clear->x, clear->len); 968a8e1175bSopenharmony_ci } 969a8e1175bSopenharmony_ci 970a8e1175bSopenharmony_ci mbedtls_free(decrypt_buf); 971a8e1175bSopenharmony_ci decrypt_buf = NULL; 972a8e1175bSopenharmony_ci 973a8e1175bSopenharmony_ci /* 974a8e1175bSopenharmony_ci * Encrypt back if test data was authentic 975a8e1175bSopenharmony_ci */ 976a8e1175bSopenharmony_ci if (strcmp(result, "FAIL") != 0) { 977a8e1175bSopenharmony_ci /* prepare context for encryption */ 978a8e1175bSopenharmony_ci if (!cipher_reset_key(&ctx, cipher_id, use_psa, tag->len, key, 979a8e1175bSopenharmony_ci MBEDTLS_ENCRYPT)) { 980a8e1175bSopenharmony_ci goto exit; 981a8e1175bSopenharmony_ci } 982a8e1175bSopenharmony_ci 983a8e1175bSopenharmony_ci /* 984a8e1175bSopenharmony_ci * Compute size of output buffer according to documentation 985a8e1175bSopenharmony_ci */ 986a8e1175bSopenharmony_ci if (using_nist_kw) { 987a8e1175bSopenharmony_ci encrypt_buf_len = clear->len + 8; 988a8e1175bSopenharmony_ci if (using_nist_kw_padding && encrypt_buf_len % 8 != 0) { 989a8e1175bSopenharmony_ci encrypt_buf_len += 8 - encrypt_buf_len % 8; 990a8e1175bSopenharmony_ci } 991a8e1175bSopenharmony_ci } else { 992a8e1175bSopenharmony_ci encrypt_buf_len = clear->len + tag->len; 993a8e1175bSopenharmony_ci } 994a8e1175bSopenharmony_ci 995a8e1175bSopenharmony_ci /* 996a8e1175bSopenharmony_ci * Try encrypting with an output buffer that's 1B too small 997a8e1175bSopenharmony_ci */ 998a8e1175bSopenharmony_ci TEST_CALLOC(encrypt_buf, encrypt_buf_len - 1); 999a8e1175bSopenharmony_ci 1000a8e1175bSopenharmony_ci outlen = 0; 1001a8e1175bSopenharmony_ci ret = mbedtls_cipher_auth_encrypt_ext(&ctx, iv->x, iv->len, 1002a8e1175bSopenharmony_ci ad->x, ad->len, clear->x, clear->len, 1003a8e1175bSopenharmony_ci encrypt_buf, encrypt_buf_len - 1, &outlen, tag->len); 1004a8e1175bSopenharmony_ci TEST_ASSERT(ret != 0); 1005a8e1175bSopenharmony_ci 1006a8e1175bSopenharmony_ci mbedtls_free(encrypt_buf); 1007a8e1175bSopenharmony_ci encrypt_buf = NULL; 1008a8e1175bSopenharmony_ci 1009a8e1175bSopenharmony_ci /* 1010a8e1175bSopenharmony_ci * Encrypt and check the result 1011a8e1175bSopenharmony_ci */ 1012a8e1175bSopenharmony_ci TEST_CALLOC(encrypt_buf, encrypt_buf_len); 1013a8e1175bSopenharmony_ci 1014a8e1175bSopenharmony_ci outlen = 0; 1015a8e1175bSopenharmony_ci ret = mbedtls_cipher_auth_encrypt_ext(&ctx, iv->x, iv->len, 1016a8e1175bSopenharmony_ci ad->x, ad->len, clear->x, clear->len, 1017a8e1175bSopenharmony_ci encrypt_buf, encrypt_buf_len, &outlen, tag->len); 1018a8e1175bSopenharmony_ci TEST_ASSERT(ret == 0); 1019a8e1175bSopenharmony_ci 1020a8e1175bSopenharmony_ci TEST_ASSERT(outlen == cipher->len + tag->len); 1021a8e1175bSopenharmony_ci TEST_ASSERT(memcmp(encrypt_buf, cipher->x, cipher->len) == 0); 1022a8e1175bSopenharmony_ci TEST_ASSERT(memcmp(encrypt_buf + cipher->len, 1023a8e1175bSopenharmony_ci tag->x, tag->len) == 0); 1024a8e1175bSopenharmony_ci 1025a8e1175bSopenharmony_ci mbedtls_free(encrypt_buf); 1026a8e1175bSopenharmony_ci encrypt_buf = NULL; 1027a8e1175bSopenharmony_ci } 1028a8e1175bSopenharmony_ci 1029a8e1175bSopenharmony_ciexit: 1030a8e1175bSopenharmony_ci 1031a8e1175bSopenharmony_ci mbedtls_cipher_free(&ctx); 1032a8e1175bSopenharmony_ci mbedtls_free(decrypt_buf); 1033a8e1175bSopenharmony_ci mbedtls_free(encrypt_buf); 1034a8e1175bSopenharmony_ci mbedtls_free(cipher_plus_tag); 1035a8e1175bSopenharmony_ci 1036a8e1175bSopenharmony_ci#if defined(MBEDTLS_USE_PSA_CRYPTO) 1037a8e1175bSopenharmony_ci if (use_psa == 1) { 1038a8e1175bSopenharmony_ci PSA_DONE(); 1039a8e1175bSopenharmony_ci } 1040a8e1175bSopenharmony_ci#endif /* MBEDTLS_USE_PSA_CRYPTO */ 1041a8e1175bSopenharmony_ci} 1042a8e1175bSopenharmony_ci/* END_CASE */ 1043a8e1175bSopenharmony_ci 1044a8e1175bSopenharmony_ci/* BEGIN_CASE */ 1045a8e1175bSopenharmony_civoid test_vec_ecb(int cipher_id, int operation, data_t *key, 1046a8e1175bSopenharmony_ci data_t *input, data_t *result, int finish_result 1047a8e1175bSopenharmony_ci ) 1048a8e1175bSopenharmony_ci{ 1049a8e1175bSopenharmony_ci mbedtls_cipher_context_t ctx; 1050a8e1175bSopenharmony_ci unsigned char output[32]; 1051a8e1175bSopenharmony_ci size_t outlen; 1052a8e1175bSopenharmony_ci 1053a8e1175bSopenharmony_ci mbedtls_cipher_init(&ctx); 1054a8e1175bSopenharmony_ci 1055a8e1175bSopenharmony_ci memset(output, 0x00, sizeof(output)); 1056a8e1175bSopenharmony_ci 1057a8e1175bSopenharmony_ci /* Prepare context */ 1058a8e1175bSopenharmony_ci TEST_ASSERT(0 == mbedtls_cipher_setup(&ctx, 1059a8e1175bSopenharmony_ci mbedtls_cipher_info_from_type(cipher_id))); 1060a8e1175bSopenharmony_ci 1061a8e1175bSopenharmony_ci 1062a8e1175bSopenharmony_ci TEST_ASSERT(0 == mbedtls_cipher_setkey(&ctx, key->x, 8 * key->len, operation)); 1063a8e1175bSopenharmony_ci 1064a8e1175bSopenharmony_ci TEST_ASSERT(0 == mbedtls_cipher_update(&ctx, input->x, 1065a8e1175bSopenharmony_ci mbedtls_cipher_get_block_size(&ctx), 1066a8e1175bSopenharmony_ci output, &outlen)); 1067a8e1175bSopenharmony_ci TEST_ASSERT(outlen == mbedtls_cipher_get_block_size(&ctx)); 1068a8e1175bSopenharmony_ci TEST_ASSERT(finish_result == mbedtls_cipher_finish(&ctx, output + outlen, 1069a8e1175bSopenharmony_ci &outlen)); 1070a8e1175bSopenharmony_ci TEST_ASSERT(0 == outlen); 1071a8e1175bSopenharmony_ci 1072a8e1175bSopenharmony_ci /* check plaintext only if everything went fine */ 1073a8e1175bSopenharmony_ci if (0 == finish_result) { 1074a8e1175bSopenharmony_ci TEST_ASSERT(0 == memcmp(output, result->x, 1075a8e1175bSopenharmony_ci mbedtls_cipher_get_block_size(&ctx))); 1076a8e1175bSopenharmony_ci } 1077a8e1175bSopenharmony_ci 1078a8e1175bSopenharmony_ciexit: 1079a8e1175bSopenharmony_ci mbedtls_cipher_free(&ctx); 1080a8e1175bSopenharmony_ci} 1081a8e1175bSopenharmony_ci/* END_CASE */ 1082a8e1175bSopenharmony_ci 1083a8e1175bSopenharmony_ci/* BEGIN_CASE depends_on:MBEDTLS_CIPHER_MODE_WITH_PADDING */ 1084a8e1175bSopenharmony_civoid test_vec_crypt(int cipher_id, int operation, data_t *key, 1085a8e1175bSopenharmony_ci data_t *iv, data_t *input, data_t *result, 1086a8e1175bSopenharmony_ci int finish_result, int use_psa) 1087a8e1175bSopenharmony_ci{ 1088a8e1175bSopenharmony_ci mbedtls_cipher_context_t ctx; 1089a8e1175bSopenharmony_ci unsigned char output[32]; 1090a8e1175bSopenharmony_ci size_t outlen; 1091a8e1175bSopenharmony_ci 1092a8e1175bSopenharmony_ci mbedtls_cipher_init(&ctx); 1093a8e1175bSopenharmony_ci 1094a8e1175bSopenharmony_ci memset(output, 0x00, sizeof(output)); 1095a8e1175bSopenharmony_ci 1096a8e1175bSopenharmony_ci /* Prepare context */ 1097a8e1175bSopenharmony_ci#if !defined(MBEDTLS_USE_PSA_CRYPTO) || !defined(MBEDTLS_TEST_DEPRECATED) 1098a8e1175bSopenharmony_ci (void) use_psa; 1099a8e1175bSopenharmony_ci#else 1100a8e1175bSopenharmony_ci if (use_psa == 1) { 1101a8e1175bSopenharmony_ci PSA_ASSERT(psa_crypto_init()); 1102a8e1175bSopenharmony_ci TEST_ASSERT(0 == mbedtls_cipher_setup_psa(&ctx, 1103a8e1175bSopenharmony_ci mbedtls_cipher_info_from_type(cipher_id), 0)); 1104a8e1175bSopenharmony_ci } else 1105a8e1175bSopenharmony_ci#endif /* !MBEDTLS_USE_PSA_CRYPTO || !MBEDTLS_TEST_DEPRECATED*/ 1106a8e1175bSopenharmony_ci TEST_ASSERT(0 == mbedtls_cipher_setup(&ctx, 1107a8e1175bSopenharmony_ci mbedtls_cipher_info_from_type(cipher_id))); 1108a8e1175bSopenharmony_ci 1109a8e1175bSopenharmony_ci TEST_ASSERT(0 == mbedtls_cipher_setkey(&ctx, key->x, 8 * key->len, operation)); 1110a8e1175bSopenharmony_ci if (MBEDTLS_MODE_CBC == ctx.cipher_info->mode) { 1111a8e1175bSopenharmony_ci TEST_ASSERT(0 == mbedtls_cipher_set_padding_mode(&ctx, MBEDTLS_PADDING_NONE)); 1112a8e1175bSopenharmony_ci } 1113a8e1175bSopenharmony_ci 1114a8e1175bSopenharmony_ci TEST_ASSERT(finish_result == mbedtls_cipher_crypt(&ctx, iv->len ? iv->x : NULL, 1115a8e1175bSopenharmony_ci iv->len, input->x, input->len, 1116a8e1175bSopenharmony_ci output, &outlen)); 1117a8e1175bSopenharmony_ci TEST_ASSERT(result->len == outlen); 1118a8e1175bSopenharmony_ci /* check plaintext only if everything went fine */ 1119a8e1175bSopenharmony_ci if (0 == finish_result) { 1120a8e1175bSopenharmony_ci TEST_ASSERT(0 == memcmp(output, result->x, outlen)); 1121a8e1175bSopenharmony_ci } 1122a8e1175bSopenharmony_ci 1123a8e1175bSopenharmony_ciexit: 1124a8e1175bSopenharmony_ci mbedtls_cipher_free(&ctx); 1125a8e1175bSopenharmony_ci#if defined(MBEDTLS_USE_PSA_CRYPTO) && defined(MBEDTLS_TEST_DEPRECATED) 1126a8e1175bSopenharmony_ci PSA_DONE(); 1127a8e1175bSopenharmony_ci#endif /* MBEDTLS_USE_PSA_CRYPTO && MBEDTLS_TEST_DEPRECATED */ 1128a8e1175bSopenharmony_ci} 1129a8e1175bSopenharmony_ci/* END_CASE */ 1130a8e1175bSopenharmony_ci 1131a8e1175bSopenharmony_ci/* BEGIN_CASE depends_on:MBEDTLS_CIPHER_MODE_WITH_PADDING */ 1132a8e1175bSopenharmony_civoid set_padding(int cipher_id, int pad_mode, int ret) 1133a8e1175bSopenharmony_ci{ 1134a8e1175bSopenharmony_ci const mbedtls_cipher_info_t *cipher_info; 1135a8e1175bSopenharmony_ci mbedtls_cipher_context_t ctx; 1136a8e1175bSopenharmony_ci 1137a8e1175bSopenharmony_ci mbedtls_cipher_init(&ctx); 1138a8e1175bSopenharmony_ci 1139a8e1175bSopenharmony_ci cipher_info = mbedtls_cipher_info_from_type(cipher_id); 1140a8e1175bSopenharmony_ci TEST_ASSERT(NULL != cipher_info); 1141a8e1175bSopenharmony_ci TEST_ASSERT(0 == mbedtls_cipher_setup(&ctx, cipher_info)); 1142a8e1175bSopenharmony_ci 1143a8e1175bSopenharmony_ci TEST_ASSERT(ret == mbedtls_cipher_set_padding_mode(&ctx, pad_mode)); 1144a8e1175bSopenharmony_ci 1145a8e1175bSopenharmony_ciexit: 1146a8e1175bSopenharmony_ci mbedtls_cipher_free(&ctx); 1147a8e1175bSopenharmony_ci} 1148a8e1175bSopenharmony_ci/* END_CASE */ 1149a8e1175bSopenharmony_ci 1150a8e1175bSopenharmony_ci/* BEGIN_CASE depends_on:MBEDTLS_CIPHER_MODE_CBC */ 1151a8e1175bSopenharmony_civoid check_padding(int pad_mode, data_t *input, int ret, int dlen_check 1152a8e1175bSopenharmony_ci ) 1153a8e1175bSopenharmony_ci{ 1154a8e1175bSopenharmony_ci mbedtls_cipher_info_t cipher_info; 1155a8e1175bSopenharmony_ci mbedtls_cipher_context_t ctx; 1156a8e1175bSopenharmony_ci size_t dlen; 1157a8e1175bSopenharmony_ci 1158a8e1175bSopenharmony_ci /* build a fake context just for getting access to get_padding */ 1159a8e1175bSopenharmony_ci mbedtls_cipher_init(&ctx); 1160a8e1175bSopenharmony_ci cipher_info.mode = MBEDTLS_MODE_CBC; 1161a8e1175bSopenharmony_ci ctx.cipher_info = &cipher_info; 1162a8e1175bSopenharmony_ci 1163a8e1175bSopenharmony_ci TEST_ASSERT(0 == mbedtls_cipher_set_padding_mode(&ctx, pad_mode)); 1164a8e1175bSopenharmony_ci 1165a8e1175bSopenharmony_ci 1166a8e1175bSopenharmony_ci TEST_ASSERT(ret == ctx.get_padding(input->x, input->len, &dlen)); 1167a8e1175bSopenharmony_ci if (0 == ret) { 1168a8e1175bSopenharmony_ci TEST_ASSERT(dlen == (size_t) dlen_check); 1169a8e1175bSopenharmony_ci } 1170a8e1175bSopenharmony_ci} 1171a8e1175bSopenharmony_ci/* END_CASE */ 1172a8e1175bSopenharmony_ci 1173a8e1175bSopenharmony_ci/* BEGIN_CASE */ 1174a8e1175bSopenharmony_civoid iv_len_validity(int cipher_id, char *cipher_string, 1175a8e1175bSopenharmony_ci int iv_len_val, int ret) 1176a8e1175bSopenharmony_ci{ 1177a8e1175bSopenharmony_ci size_t iv_len = iv_len_val; 1178a8e1175bSopenharmony_ci unsigned char iv[16]; 1179a8e1175bSopenharmony_ci 1180a8e1175bSopenharmony_ci /* Initialise iv buffer */ 1181a8e1175bSopenharmony_ci memset(iv, 0, sizeof(iv)); 1182a8e1175bSopenharmony_ci 1183a8e1175bSopenharmony_ci const mbedtls_cipher_info_t *cipher_info; 1184a8e1175bSopenharmony_ci mbedtls_cipher_context_t ctx_dec; 1185a8e1175bSopenharmony_ci mbedtls_cipher_context_t ctx_enc; 1186a8e1175bSopenharmony_ci 1187a8e1175bSopenharmony_ci /* 1188a8e1175bSopenharmony_ci * Prepare contexts 1189a8e1175bSopenharmony_ci */ 1190a8e1175bSopenharmony_ci mbedtls_cipher_init(&ctx_dec); 1191a8e1175bSopenharmony_ci mbedtls_cipher_init(&ctx_enc); 1192a8e1175bSopenharmony_ci 1193a8e1175bSopenharmony_ci /* Check and get info structures */ 1194a8e1175bSopenharmony_ci cipher_info = mbedtls_cipher_info_from_type(cipher_id); 1195a8e1175bSopenharmony_ci TEST_ASSERT(NULL != cipher_info); 1196a8e1175bSopenharmony_ci TEST_ASSERT(mbedtls_cipher_info_from_string(cipher_string) == cipher_info); 1197a8e1175bSopenharmony_ci TEST_ASSERT(strcmp(mbedtls_cipher_info_get_name(cipher_info), 1198a8e1175bSopenharmony_ci cipher_string) == 0); 1199a8e1175bSopenharmony_ci 1200a8e1175bSopenharmony_ci /* Initialise enc and dec contexts */ 1201a8e1175bSopenharmony_ci TEST_ASSERT(0 == mbedtls_cipher_setup(&ctx_dec, cipher_info)); 1202a8e1175bSopenharmony_ci TEST_ASSERT(0 == mbedtls_cipher_setup(&ctx_enc, cipher_info)); 1203a8e1175bSopenharmony_ci 1204a8e1175bSopenharmony_ci TEST_ASSERT(ret == mbedtls_cipher_set_iv(&ctx_dec, iv, iv_len)); 1205a8e1175bSopenharmony_ci TEST_ASSERT(ret == mbedtls_cipher_set_iv(&ctx_enc, iv, iv_len)); 1206a8e1175bSopenharmony_ci 1207a8e1175bSopenharmony_ciexit: 1208a8e1175bSopenharmony_ci mbedtls_cipher_free(&ctx_dec); 1209a8e1175bSopenharmony_ci mbedtls_cipher_free(&ctx_enc); 1210a8e1175bSopenharmony_ci} 1211a8e1175bSopenharmony_ci/* END_CASE */ 1212a8e1175bSopenharmony_ci 1213a8e1175bSopenharmony_ci/* BEGIN_CASE depends_on:MBEDTLS_CIPHER_MODE_WITH_PADDING */ 1214a8e1175bSopenharmony_civoid check_set_padding(int cipher_id) 1215a8e1175bSopenharmony_ci{ 1216a8e1175bSopenharmony_ci mbedtls_cipher_context_t ctx; 1217a8e1175bSopenharmony_ci unsigned char *key = NULL; 1218a8e1175bSopenharmony_ci unsigned char iv[16] = { 0 }; 1219a8e1175bSopenharmony_ci unsigned char input[16] = { 0 }; 1220a8e1175bSopenharmony_ci unsigned char output[32] = { 0 }; 1221a8e1175bSopenharmony_ci size_t outlen = 0; 1222a8e1175bSopenharmony_ci const mbedtls_cipher_info_t *cipher_info; 1223a8e1175bSopenharmony_ci size_t keylen = 0; 1224a8e1175bSopenharmony_ci 1225a8e1175bSopenharmony_ci mbedtls_cipher_init(&ctx); 1226a8e1175bSopenharmony_ci 1227a8e1175bSopenharmony_ci cipher_info = mbedtls_cipher_info_from_type(cipher_id); 1228a8e1175bSopenharmony_ci 1229a8e1175bSopenharmony_ci if (cipher_info->mode != MBEDTLS_MODE_CBC) { 1230a8e1175bSopenharmony_ci TEST_FAIL("Cipher mode must be CBC"); 1231a8e1175bSopenharmony_ci } 1232a8e1175bSopenharmony_ci 1233a8e1175bSopenharmony_ci keylen = mbedtls_cipher_info_get_key_bitlen(cipher_info); 1234a8e1175bSopenharmony_ci TEST_CALLOC(key, keylen/8); 1235a8e1175bSopenharmony_ci memset(key, 0, keylen/8); 1236a8e1175bSopenharmony_ci 1237a8e1175bSopenharmony_ci TEST_EQUAL(0, mbedtls_cipher_setup(&ctx, cipher_info)); 1238a8e1175bSopenharmony_ci 1239a8e1175bSopenharmony_ci TEST_EQUAL(0, mbedtls_cipher_setkey(&ctx, key, keylen, 1240a8e1175bSopenharmony_ci MBEDTLS_ENCRYPT)); 1241a8e1175bSopenharmony_ci 1242a8e1175bSopenharmony_ci TEST_EQUAL(MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA, 1243a8e1175bSopenharmony_ci mbedtls_cipher_crypt(&ctx, iv, sizeof(iv), input, 1244a8e1175bSopenharmony_ci sizeof(input), output, &outlen)); 1245a8e1175bSopenharmony_ci 1246a8e1175bSopenharmony_ci TEST_EQUAL(0, mbedtls_cipher_set_padding_mode(&ctx, MBEDTLS_PADDING_NONE)); 1247a8e1175bSopenharmony_ci TEST_EQUAL(0, mbedtls_cipher_crypt(&ctx, iv, sizeof(iv), input, 1248a8e1175bSopenharmony_ci sizeof(input), output, &outlen)); 1249a8e1175bSopenharmony_ci 1250a8e1175bSopenharmony_ciexit: 1251a8e1175bSopenharmony_ci mbedtls_cipher_free(&ctx); 1252a8e1175bSopenharmony_ci mbedtls_free(key); 1253a8e1175bSopenharmony_ci} 1254a8e1175bSopenharmony_ci/* END_CASE */ 1255