1/* BEGIN_HEADER */ 2#include "mbedtls/cipher.h" 3 4#if defined(MBEDTLS_AES_C) 5#include "mbedtls/aes.h" 6#endif 7 8#if defined(MBEDTLS_GCM_C) 9#include "mbedtls/gcm.h" 10#endif 11 12#if defined(MBEDTLS_CIPHER_MODE_AEAD) || defined(MBEDTLS_NIST_KW_C) 13#define MBEDTLS_CIPHER_AUTH_CRYPT 14#endif 15 16/* Check the internal consistency of a cipher info structure, and 17 * check it against mbedtls_cipher_info_from_xxx(). */ 18static int check_cipher_info( mbedtls_cipher_type_t type, 19 const mbedtls_cipher_info_t *info ) 20{ 21 size_t key_bitlen, block_size, iv_size; 22 23 TEST_ASSERT( info != NULL ); 24 TEST_EQUAL( type, mbedtls_cipher_info_get_type( info ) ); 25 TEST_EQUAL( type, info->type ); 26 TEST_ASSERT( mbedtls_cipher_info_from_type( type ) == info ); 27 28 TEST_EQUAL( info->mode, mbedtls_cipher_info_get_mode( info ) ); 29 30 /* Insist that get_name() return the string from the structure and 31 * not a copy. A copy would have an unknown storage duration. */ 32 TEST_ASSERT( mbedtls_cipher_info_get_name( info ) == info->name ); 33 TEST_ASSERT( mbedtls_cipher_info_from_string( info->name ) == info ); 34 35 key_bitlen = mbedtls_cipher_info_get_key_bitlen( info ); 36 block_size = mbedtls_cipher_info_get_block_size( info ); 37 iv_size = mbedtls_cipher_info_get_iv_size( info ); 38 if( info->type == MBEDTLS_CIPHER_NULL ) 39 { 40 TEST_ASSERT( key_bitlen == 0 ); 41 TEST_ASSERT( block_size == 1 ); 42 TEST_ASSERT( iv_size == 0 ); 43 } 44 else if( info->mode == MBEDTLS_MODE_XTS ) 45 { 46 TEST_ASSERT( key_bitlen == 256 || 47 key_bitlen == 384 || 48 key_bitlen == 512 ); 49 } 50 else if( ! strncmp( info->name, "DES-EDE3-", 9 ) ) 51 { 52 TEST_ASSERT( key_bitlen == 192 ); 53 TEST_ASSERT( ! mbedtls_cipher_info_has_variable_key_bitlen( info ) ); 54 TEST_ASSERT( block_size == 8 ); 55 } 56 else if( ! strncmp( info->name, "DES-EDE-", 8 ) ) 57 { 58 TEST_ASSERT( key_bitlen == 128 ); 59 TEST_ASSERT( ! mbedtls_cipher_info_has_variable_key_bitlen( info ) ); 60 TEST_ASSERT( block_size == 8 ); 61 } 62 else if( ! strncmp( info->name, "DES-", 4 ) ) 63 { 64 TEST_ASSERT( key_bitlen == 64 ); 65 TEST_ASSERT( ! mbedtls_cipher_info_has_variable_key_bitlen( info ) ); 66 TEST_ASSERT( block_size == 8 ); 67 } 68 else if( ! strncmp( info->name, "AES", 3 ) ) 69 { 70 TEST_ASSERT( key_bitlen == 128 || 71 key_bitlen == 192 || 72 key_bitlen == 256 ); 73 TEST_ASSERT( ! mbedtls_cipher_info_has_variable_key_bitlen( info ) ); 74 TEST_ASSERT( block_size == 16 ); 75 } 76 else 77 { 78 TEST_ASSERT( key_bitlen == 128 || 79 key_bitlen == 192 || 80 key_bitlen == 256 ); 81 } 82 83 if( strstr( info->name, "-ECB" ) != NULL ) 84 { 85 TEST_ASSERT( iv_size == 0 ); 86 TEST_ASSERT( ! mbedtls_cipher_info_has_variable_iv_size( info ) ); 87 } 88 else if( strstr( info->name, "-CBC" ) != NULL || 89 strstr( info->name, "-CTR" ) != NULL ) 90 { 91 TEST_ASSERT( iv_size == block_size ); 92 TEST_ASSERT( ! mbedtls_cipher_info_has_variable_iv_size( info ) ); 93 } 94 else if( strstr( info->name, "-GCM" ) != NULL ) 95 { 96 TEST_ASSERT( iv_size == block_size - 4 ); 97 TEST_ASSERT( mbedtls_cipher_info_has_variable_iv_size( info ) ); 98 } 99 100 return( 1 ); 101 102exit: 103 return( 0 ); 104} 105 106#if defined(MBEDTLS_CIPHER_AUTH_CRYPT) 107/* Helper for resetting key/direction 108 * 109 * The documentation doesn't explicitly say whether calling 110 * mbedtls_cipher_setkey() twice is allowed or not. This currently works with 111 * the default software implementation, but only by accident. It isn't 112 * guaranteed to work with new ciphers or with alternative implementations of 113 * individual ciphers, and it doesn't work with the PSA wrappers. So don't do 114 * it, and instead start with a fresh context. 115 */ 116static int cipher_reset_key( mbedtls_cipher_context_t *ctx, int cipher_id, 117 int use_psa, size_t tag_len, const data_t *key, int direction ) 118{ 119 mbedtls_cipher_free( ctx ); 120 mbedtls_cipher_init( ctx ); 121 122#if !defined(MBEDTLS_USE_PSA_CRYPTO) 123 (void) use_psa; 124 (void) tag_len; 125#else 126 if( use_psa == 1 ) 127 { 128 TEST_ASSERT( 0 == mbedtls_cipher_setup_psa( ctx, 129 mbedtls_cipher_info_from_type( cipher_id ), 130 tag_len ) ); 131 } 132 else 133#endif /* MBEDTLS_USE_PSA_CRYPTO */ 134 { 135 TEST_ASSERT( 0 == mbedtls_cipher_setup( ctx, 136 mbedtls_cipher_info_from_type( cipher_id ) ) ); 137 } 138 139 TEST_ASSERT( 0 == mbedtls_cipher_setkey( ctx, key->x, 8 * key->len, 140 direction ) ); 141 return( 1 ); 142 143exit: 144 return( 0 ); 145} 146 147/* 148 * Check if a buffer is all-0 bytes: 149 * return 1 if it is, 150 * 0 if it isn't. 151 */ 152int buffer_is_all_zero( const uint8_t *buf, size_t size ) 153{ 154 for( size_t i = 0; i < size; i++ ) 155 if( buf[i] != 0 ) 156 return 0; 157 return 1; 158} 159#endif /* MBEDTLS_CIPHER_AUTH_CRYPT */ 160 161/* END_HEADER */ 162 163/* BEGIN_DEPENDENCIES 164 * depends_on:MBEDTLS_CIPHER_C 165 * END_DEPENDENCIES 166 */ 167 168/* BEGIN_CASE */ 169void mbedtls_cipher_list( ) 170{ 171 const int *cipher_type; 172 173 for( cipher_type = mbedtls_cipher_list(); *cipher_type != 0; cipher_type++ ) 174 { 175 const mbedtls_cipher_info_t *info = 176 mbedtls_cipher_info_from_type( *cipher_type ); 177 mbedtls_test_set_step( *cipher_type ); 178 if( ! check_cipher_info( *cipher_type, info ) ) 179 goto exit; 180 } 181} 182/* END_CASE */ 183 184/* BEGIN_CASE */ 185void cipher_invalid_param_unconditional( ) 186{ 187 mbedtls_cipher_context_t valid_ctx; 188 mbedtls_cipher_context_t invalid_ctx; 189 mbedtls_operation_t valid_operation = MBEDTLS_ENCRYPT; 190 mbedtls_cipher_padding_t valid_mode = MBEDTLS_PADDING_ZEROS; 191 unsigned char valid_buffer[] = { 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07 }; 192 int valid_size = sizeof(valid_buffer); 193 int valid_bitlen = valid_size * 8; 194 const mbedtls_cipher_info_t *valid_info = mbedtls_cipher_info_from_type( 195 *( mbedtls_cipher_list() ) ); 196 size_t size_t_var; 197 198 (void)valid_mode; /* In some configurations this is unused */ 199 200 mbedtls_cipher_init( &valid_ctx ); 201 mbedtls_cipher_init( &invalid_ctx ); 202 203 TEST_ASSERT( mbedtls_cipher_setup( &valid_ctx, valid_info ) == 0 ); 204 205 /* mbedtls_cipher_setup() */ 206 TEST_ASSERT( mbedtls_cipher_setup( &valid_ctx, NULL ) == 207 MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ); 208 209 /* mbedtls_cipher_get_block_size() */ 210 TEST_ASSERT( mbedtls_cipher_get_block_size( &invalid_ctx ) == 0 ); 211 212 /* mbedtls_cipher_get_cipher_mode() */ 213 TEST_ASSERT( mbedtls_cipher_get_cipher_mode( &invalid_ctx ) == 214 MBEDTLS_MODE_NONE ); 215 216 /* mbedtls_cipher_get_iv_size() */ 217 TEST_ASSERT( mbedtls_cipher_get_iv_size( &invalid_ctx ) == 0 ); 218 219 /* mbedtls_cipher_get_type() */ 220 TEST_ASSERT( 221 mbedtls_cipher_get_type( &invalid_ctx ) == 222 MBEDTLS_CIPHER_NONE); 223 224 /* mbedtls_cipher_get_name() */ 225 TEST_ASSERT( mbedtls_cipher_get_name( &invalid_ctx ) == 0 ); 226 227 /* mbedtls_cipher_get_key_bitlen() */ 228 TEST_ASSERT( mbedtls_cipher_get_key_bitlen( &invalid_ctx ) == 229 MBEDTLS_KEY_LENGTH_NONE ); 230 231 /* mbedtls_cipher_get_operation() */ 232 TEST_ASSERT( mbedtls_cipher_get_operation( &invalid_ctx ) == 233 MBEDTLS_OPERATION_NONE ); 234 235 /* mbedtls_cipher_setkey() */ 236 TEST_ASSERT( 237 mbedtls_cipher_setkey( &invalid_ctx, 238 valid_buffer, 239 valid_bitlen, 240 valid_operation ) == 241 MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ); 242 243 /* mbedtls_cipher_set_iv() */ 244 TEST_ASSERT( 245 mbedtls_cipher_set_iv( &invalid_ctx, 246 valid_buffer, 247 valid_size ) == 248 MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ); 249 250 /* mbedtls_cipher_reset() */ 251 TEST_ASSERT( mbedtls_cipher_reset( &invalid_ctx ) == 252 MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ); 253 254#if defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CHACHAPOLY_C) 255 /* mbedtls_cipher_update_ad() */ 256 TEST_ASSERT( 257 mbedtls_cipher_update_ad( &invalid_ctx, 258 valid_buffer, 259 valid_size ) == 260 MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ); 261#endif /* defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CHACHAPOLY_C) */ 262 263#if defined(MBEDTLS_CIPHER_MODE_WITH_PADDING) 264 /* mbedtls_cipher_set_padding_mode() */ 265 TEST_ASSERT( mbedtls_cipher_set_padding_mode( &invalid_ctx, valid_mode ) == 266 MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ); 267#endif 268 269 /* mbedtls_cipher_update() */ 270 TEST_ASSERT( 271 mbedtls_cipher_update( &invalid_ctx, 272 valid_buffer, 273 valid_size, 274 valid_buffer, 275 &size_t_var ) == 276 MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ); 277 278 /* mbedtls_cipher_finish() */ 279 TEST_ASSERT( 280 mbedtls_cipher_finish( &invalid_ctx, 281 valid_buffer, 282 &size_t_var ) == 283 MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ); 284 285#if defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CHACHAPOLY_C) 286 /* mbedtls_cipher_write_tag() */ 287 TEST_ASSERT( 288 mbedtls_cipher_write_tag( &invalid_ctx, 289 valid_buffer, 290 valid_size ) == 291 MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ); 292 293 /* mbedtls_cipher_check_tag() */ 294 TEST_ASSERT( 295 mbedtls_cipher_check_tag( &invalid_ctx, 296 valid_buffer, 297 valid_size ) == 298 MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ); 299#endif /* defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CHACHAPOLY_C) */ 300 301exit: 302 mbedtls_cipher_free( &invalid_ctx ); 303 mbedtls_cipher_free( &valid_ctx ); 304} 305/* END_CASE */ 306 307/* BEGIN_CASE depends_on:NOT_DEFINED */ 308void cipher_invalid_param_conditional( ) 309{ 310 mbedtls_cipher_context_t valid_ctx; 311 312 mbedtls_operation_t invalid_operation = 100; 313 unsigned char valid_buffer[] = { 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07 }; 314 int valid_size = sizeof(valid_buffer); 315 int valid_bitlen = valid_size * 8; 316 const mbedtls_cipher_info_t *valid_info = mbedtls_cipher_info_from_type( 317 *( mbedtls_cipher_list() ) ); 318 319 TEST_EQUAL( 320 MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA, 321 mbedtls_cipher_setkey( &valid_ctx, 322 valid_buffer, 323 valid_bitlen, 324 invalid_operation ) ); 325 326exit: 327 ; 328} 329/* END_CASE */ 330 331/* BEGIN_CASE depends_on:MBEDTLS_AES_C */ 332void cipher_special_behaviours( ) 333{ 334 const mbedtls_cipher_info_t *cipher_info; 335 mbedtls_cipher_context_t ctx; 336 unsigned char input[32]; 337 unsigned char output[32]; 338#if defined (MBEDTLS_CIPHER_MODE_CBC) 339 unsigned char iv[32]; 340#endif 341 size_t olen = 0; 342 343 mbedtls_cipher_init( &ctx ); 344 memset( input, 0, sizeof( input ) ); 345 memset( output, 0, sizeof( output ) ); 346#if defined(MBEDTLS_CIPHER_MODE_CBC) 347 memset( iv, 0, sizeof( iv ) ); 348 349 /* Check and get info structures */ 350 cipher_info = mbedtls_cipher_info_from_type( MBEDTLS_CIPHER_AES_128_CBC ); 351 TEST_ASSERT( NULL != cipher_info ); 352 353 TEST_ASSERT( 0 == mbedtls_cipher_setup( &ctx, cipher_info ) ); 354 355 /* IV too big */ 356 TEST_ASSERT( mbedtls_cipher_set_iv( &ctx, iv, MBEDTLS_MAX_IV_LENGTH + 1 ) 357 == MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE ); 358 359 /* IV too small */ 360 TEST_ASSERT( mbedtls_cipher_set_iv( &ctx, iv, 0 ) 361 == MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ); 362 363 mbedtls_cipher_free( &ctx ); 364 mbedtls_cipher_init( &ctx ); 365#endif /* MBEDTLS_CIPHER_MODE_CBC */ 366 cipher_info = mbedtls_cipher_info_from_type( MBEDTLS_CIPHER_AES_128_ECB ); 367 TEST_ASSERT( NULL != cipher_info ); 368 369 TEST_ASSERT( 0 == mbedtls_cipher_setup( &ctx, cipher_info ) ); 370 371 /* Update ECB with partial block */ 372 TEST_ASSERT( mbedtls_cipher_update( &ctx, input, 1, output, &olen ) 373 == MBEDTLS_ERR_CIPHER_FULL_BLOCK_EXPECTED ); 374 375exit: 376 mbedtls_cipher_free( &ctx ); 377} 378/* END_CASE */ 379 380/* BEGIN_CASE */ 381void enc_dec_buf( int cipher_id, char * cipher_string, int key_len, 382 int length_val, int pad_mode ) 383{ 384 size_t length = length_val, outlen, total_len, i, block_size, iv_len; 385 unsigned char key[64]; 386 unsigned char iv[16]; 387 unsigned char ad[13]; 388 unsigned char tag[16]; 389 unsigned char inbuf[64]; 390 unsigned char encbuf[64]; 391 unsigned char decbuf[64]; 392 393 const mbedtls_cipher_info_t *cipher_info; 394 mbedtls_cipher_context_t ctx_dec; 395 mbedtls_cipher_context_t ctx_enc; 396 397 /* 398 * Prepare contexts 399 */ 400 mbedtls_cipher_init( &ctx_dec ); 401 mbedtls_cipher_init( &ctx_enc ); 402 403 memset( key, 0x2a, sizeof( key ) ); 404 405 /* Check and get info structures */ 406 cipher_info = mbedtls_cipher_info_from_type( cipher_id ); 407 TEST_ASSERT( NULL != cipher_info ); 408 TEST_ASSERT( mbedtls_cipher_info_from_string( cipher_string ) == cipher_info ); 409 TEST_ASSERT( strcmp( mbedtls_cipher_info_get_name( cipher_info ), 410 cipher_string ) == 0 ); 411 412 /* Initialise enc and dec contexts */ 413 TEST_ASSERT( 0 == mbedtls_cipher_setup( &ctx_dec, cipher_info ) ); 414 TEST_ASSERT( 0 == mbedtls_cipher_setup( &ctx_enc, cipher_info ) ); 415 416 TEST_ASSERT( 0 == mbedtls_cipher_setkey( &ctx_dec, key, key_len, MBEDTLS_DECRYPT ) ); 417 TEST_ASSERT( 0 == mbedtls_cipher_setkey( &ctx_enc, key, key_len, MBEDTLS_ENCRYPT ) ); 418 419#if defined(MBEDTLS_CIPHER_MODE_WITH_PADDING) 420 if( -1 != pad_mode ) 421 { 422 TEST_ASSERT( 0 == mbedtls_cipher_set_padding_mode( &ctx_dec, pad_mode ) ); 423 TEST_ASSERT( 0 == mbedtls_cipher_set_padding_mode( &ctx_enc, pad_mode ) ); 424 } 425#else 426 (void) pad_mode; 427#endif /* MBEDTLS_CIPHER_MODE_WITH_PADDING */ 428 429 /* 430 * Do a few encode/decode cycles 431 */ 432 for( i = 0; i < 3; i++ ) 433 { 434 memset( iv , 0x00 + i, sizeof( iv ) ); 435 memset( ad, 0x10 + i, sizeof( ad ) ); 436 memset( inbuf, 0x20 + i, sizeof( inbuf ) ); 437 438 memset( encbuf, 0, sizeof( encbuf ) ); 439 memset( decbuf, 0, sizeof( decbuf ) ); 440 memset( tag, 0, sizeof( tag ) ); 441 442 if( NULL != strstr( cipher_info->name, "CCM*-NO-TAG") ) 443 iv_len = 13; /* For CCM, IV length is expected to be between 7 and 13 bytes. 444 * For CCM*-NO-TAG, IV length must be exactly 13 bytes long. */ 445 else 446 iv_len = sizeof(iv); 447 448 TEST_ASSERT( 0 == mbedtls_cipher_set_iv( &ctx_dec, iv, iv_len ) ); 449 TEST_ASSERT( 0 == mbedtls_cipher_set_iv( &ctx_enc, iv, iv_len ) ); 450 451 TEST_ASSERT( 0 == mbedtls_cipher_reset( &ctx_dec ) ); 452 TEST_ASSERT( 0 == mbedtls_cipher_reset( &ctx_enc ) ); 453 454#if defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CHACHAPOLY_C) 455 TEST_ASSERT( 0 == mbedtls_cipher_update_ad( &ctx_dec, ad, sizeof( ad ) - i ) ); 456 TEST_ASSERT( 0 == mbedtls_cipher_update_ad( &ctx_enc, ad, sizeof( ad ) - i ) ); 457#endif 458 459 block_size = mbedtls_cipher_get_block_size( &ctx_enc ); 460 TEST_ASSERT( block_size != 0 ); 461 462 /* encode length number of bytes from inbuf */ 463 TEST_ASSERT( 0 == mbedtls_cipher_update( &ctx_enc, inbuf, length, encbuf, &outlen ) ); 464 total_len = outlen; 465 466 TEST_ASSERT( total_len == length || 467 ( total_len % block_size == 0 && 468 total_len < length && 469 total_len + block_size > length ) ); 470 471 TEST_ASSERT( 0 == mbedtls_cipher_finish( &ctx_enc, encbuf + outlen, &outlen ) ); 472 total_len += outlen; 473 474#if defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CHACHAPOLY_C) 475 TEST_ASSERT( 0 == mbedtls_cipher_write_tag( &ctx_enc, tag, sizeof( tag ) ) ); 476#endif 477 478 TEST_ASSERT( total_len == length || 479 ( total_len % block_size == 0 && 480 total_len > length && 481 total_len <= length + block_size ) ); 482 483 /* decode the previously encoded string */ 484 TEST_ASSERT( 0 == mbedtls_cipher_update( &ctx_dec, encbuf, total_len, decbuf, &outlen ) ); 485 total_len = outlen; 486 487 TEST_ASSERT( total_len == length || 488 ( total_len % block_size == 0 && 489 total_len < length && 490 total_len + block_size >= length ) ); 491 492 TEST_ASSERT( 0 == mbedtls_cipher_finish( &ctx_dec, decbuf + outlen, &outlen ) ); 493 total_len += outlen; 494 495#if defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CHACHAPOLY_C) 496 TEST_ASSERT( 0 == mbedtls_cipher_check_tag( &ctx_dec, tag, sizeof( tag ) ) ); 497#endif 498 499 /* check result */ 500 TEST_ASSERT( total_len == length ); 501 TEST_ASSERT( 0 == memcmp(inbuf, decbuf, length) ); 502 } 503 504 /* 505 * Done 506 */ 507exit: 508 mbedtls_cipher_free( &ctx_dec ); 509 mbedtls_cipher_free( &ctx_enc ); 510} 511/* END_CASE */ 512 513/* BEGIN_CASE */ 514void enc_fail( int cipher_id, int pad_mode, int key_len, int length_val, 515 int ret ) 516{ 517 size_t length = length_val; 518 unsigned char key[32]; 519 unsigned char iv[16]; 520 521 const mbedtls_cipher_info_t *cipher_info; 522 mbedtls_cipher_context_t ctx; 523 524 unsigned char inbuf[64]; 525 unsigned char encbuf[64]; 526 527 size_t outlen = 0; 528 529 memset( key, 0, 32 ); 530 memset( iv , 0, 16 ); 531 532 mbedtls_cipher_init( &ctx ); 533 534 memset( inbuf, 5, 64 ); 535 memset( encbuf, 0, 64 ); 536 537 /* Check and get info structures */ 538 cipher_info = mbedtls_cipher_info_from_type( cipher_id ); 539 TEST_ASSERT( NULL != cipher_info ); 540 541 /* Initialise context */ 542 TEST_ASSERT( 0 == mbedtls_cipher_setup( &ctx, cipher_info ) ); 543 TEST_ASSERT( 0 == mbedtls_cipher_setkey( &ctx, key, key_len, MBEDTLS_ENCRYPT ) ); 544#if defined(MBEDTLS_CIPHER_MODE_WITH_PADDING) 545 TEST_ASSERT( 0 == mbedtls_cipher_set_padding_mode( &ctx, pad_mode ) ); 546#else 547 (void) pad_mode; 548#endif /* MBEDTLS_CIPHER_MODE_WITH_PADDING */ 549 TEST_ASSERT( 0 == mbedtls_cipher_set_iv( &ctx, iv, 16 ) ); 550 TEST_ASSERT( 0 == mbedtls_cipher_reset( &ctx ) ); 551#if defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CHACHAPOLY_C) 552 TEST_ASSERT( 0 == mbedtls_cipher_update_ad( &ctx, NULL, 0 ) ); 553#endif 554 555 /* encode length number of bytes from inbuf */ 556 TEST_ASSERT( 0 == mbedtls_cipher_update( &ctx, inbuf, length, encbuf, &outlen ) ); 557 TEST_ASSERT( ret == mbedtls_cipher_finish( &ctx, encbuf + outlen, &outlen ) ); 558 559 /* done */ 560exit: 561 mbedtls_cipher_free( &ctx ); 562} 563/* END_CASE */ 564 565/* BEGIN_CASE */ 566void dec_empty_buf( int cipher, 567 int expected_update_ret, 568 int expected_finish_ret ) 569{ 570 unsigned char key[32]; 571 unsigned char iv[16]; 572 573 mbedtls_cipher_context_t ctx_dec; 574 const mbedtls_cipher_info_t *cipher_info; 575 576 unsigned char encbuf[64]; 577 unsigned char decbuf[64]; 578 579 size_t outlen = 0; 580 581 memset( key, 0, 32 ); 582 memset( iv , 0, 16 ); 583 584 mbedtls_cipher_init( &ctx_dec ); 585 586 memset( encbuf, 0, 64 ); 587 memset( decbuf, 0, 64 ); 588 589 /* Initialise context */ 590 cipher_info = mbedtls_cipher_info_from_type( cipher ); 591 TEST_ASSERT( NULL != cipher_info); 592 TEST_ASSERT( sizeof(key) * 8 >= cipher_info->key_bitlen ); 593 594 TEST_ASSERT( 0 == mbedtls_cipher_setup( &ctx_dec, cipher_info ) ); 595 596 TEST_ASSERT( 0 == mbedtls_cipher_setkey( &ctx_dec, 597 key, cipher_info->key_bitlen, 598 MBEDTLS_DECRYPT ) ); 599 600 TEST_ASSERT( 0 == mbedtls_cipher_set_iv( &ctx_dec, iv, 16 ) ); 601 602 TEST_ASSERT( 0 == mbedtls_cipher_reset( &ctx_dec ) ); 603 604#if defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CHACHAPOLY_C) 605 TEST_ASSERT( 0 == mbedtls_cipher_update_ad( &ctx_dec, NULL, 0 ) ); 606#endif 607 608 /* decode 0-byte string */ 609 TEST_ASSERT( expected_update_ret == 610 mbedtls_cipher_update( &ctx_dec, encbuf, 0, decbuf, &outlen ) ); 611 TEST_ASSERT( 0 == outlen ); 612 613 if ( expected_finish_ret == 0 && 614 ( cipher_info->mode == MBEDTLS_MODE_CBC || 615 cipher_info->mode == MBEDTLS_MODE_ECB ) ) 616 { 617 /* Non-CBC and non-ECB ciphers are OK with decrypting empty buffers and 618 * return success, not MBEDTLS_ERR_CIPHER_FULL_BLOCK_EXPECTED, when 619 * decrypting an empty buffer. 620 * On the other hand, CBC and ECB ciphers need a full block of input. 621 */ 622 expected_finish_ret = MBEDTLS_ERR_CIPHER_FULL_BLOCK_EXPECTED; 623 } 624 625 TEST_ASSERT( expected_finish_ret == mbedtls_cipher_finish( 626 &ctx_dec, decbuf + outlen, &outlen ) ); 627 TEST_ASSERT( 0 == outlen ); 628 629exit: 630 mbedtls_cipher_free( &ctx_dec ); 631} 632/* END_CASE */ 633 634/* BEGIN_CASE */ 635void enc_dec_buf_multipart( int cipher_id, int key_len, int first_length_val, 636 int second_length_val, int pad_mode, 637 int first_encrypt_output_len, int second_encrypt_output_len, 638 int first_decrypt_output_len, int second_decrypt_output_len ) 639{ 640 size_t first_length = first_length_val; 641 size_t second_length = second_length_val; 642 size_t length = first_length + second_length; 643 size_t block_size; 644 size_t iv_len; 645 unsigned char key[32]; 646 unsigned char iv[16]; 647 648 mbedtls_cipher_context_t ctx_dec; 649 mbedtls_cipher_context_t ctx_enc; 650 const mbedtls_cipher_info_t *cipher_info; 651 652 unsigned char inbuf[64]; 653 unsigned char encbuf[64]; 654 unsigned char decbuf[64]; 655 656 size_t outlen = 0; 657 size_t totaloutlen = 0; 658 659 memset( key, 0, 32 ); 660 memset( iv , 0, 16 ); 661 662 mbedtls_cipher_init( &ctx_dec ); 663 mbedtls_cipher_init( &ctx_enc ); 664 665 memset( inbuf, 5, 64 ); 666 memset( encbuf, 0, 64 ); 667 memset( decbuf, 0, 64 ); 668 669 /* Initialise enc and dec contexts */ 670 cipher_info = mbedtls_cipher_info_from_type( cipher_id ); 671 TEST_ASSERT( NULL != cipher_info); 672 673 TEST_ASSERT( 0 == mbedtls_cipher_setup( &ctx_dec, cipher_info ) ); 674 TEST_ASSERT( 0 == mbedtls_cipher_setup( &ctx_enc, cipher_info ) ); 675 676 TEST_ASSERT( 0 == mbedtls_cipher_setkey( &ctx_dec, key, key_len, MBEDTLS_DECRYPT ) ); 677 TEST_ASSERT( 0 == mbedtls_cipher_setkey( &ctx_enc, key, key_len, MBEDTLS_ENCRYPT ) ); 678 679#if defined(MBEDTLS_CIPHER_MODE_WITH_PADDING) 680 if( -1 != pad_mode ) 681 { 682 TEST_ASSERT( 0 == mbedtls_cipher_set_padding_mode( &ctx_dec, pad_mode ) ); 683 TEST_ASSERT( 0 == mbedtls_cipher_set_padding_mode( &ctx_enc, pad_mode ) ); 684 } 685#else 686 (void) pad_mode; 687#endif /* MBEDTLS_CIPHER_MODE_WITH_PADDING */ 688 689 if( NULL != strstr( cipher_info->name, "CCM*-NO-TAG") ) 690 iv_len = 13; /* For CCM, IV length is expected to be between 7 and 13 bytes. 691 * For CCM*-NO-TAG, IV length must be exactly 13 bytes long. */ 692 else 693 iv_len = sizeof(iv); 694 695 TEST_ASSERT( 0 == mbedtls_cipher_set_iv( &ctx_dec, iv, iv_len ) ); 696 TEST_ASSERT( 0 == mbedtls_cipher_set_iv( &ctx_enc, iv, iv_len ) ); 697 698 TEST_ASSERT( 0 == mbedtls_cipher_reset( &ctx_dec ) ); 699 TEST_ASSERT( 0 == mbedtls_cipher_reset( &ctx_enc ) ); 700 701#if defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CHACHAPOLY_C) 702 TEST_ASSERT( 0 == mbedtls_cipher_update_ad( &ctx_dec, NULL, 0 ) ); 703 TEST_ASSERT( 0 == mbedtls_cipher_update_ad( &ctx_enc, NULL, 0 ) ); 704#endif 705 706 block_size = mbedtls_cipher_get_block_size( &ctx_enc ); 707 TEST_ASSERT( block_size != 0 ); 708 709 /* encode length number of bytes from inbuf */ 710 TEST_ASSERT( 0 == mbedtls_cipher_update( &ctx_enc, inbuf, first_length, encbuf, &outlen ) ); 711 TEST_ASSERT( (size_t)first_encrypt_output_len == outlen ); 712 totaloutlen = outlen; 713 TEST_ASSERT( 0 == mbedtls_cipher_update( &ctx_enc, inbuf + first_length, second_length, encbuf + totaloutlen, &outlen ) ); 714 TEST_ASSERT( (size_t)second_encrypt_output_len == outlen ); 715 totaloutlen += outlen; 716 TEST_ASSERT( totaloutlen == length || 717 ( totaloutlen % block_size == 0 && 718 totaloutlen < length && 719 totaloutlen + block_size > length ) ); 720 721 TEST_ASSERT( 0 == mbedtls_cipher_finish( &ctx_enc, encbuf + totaloutlen, &outlen ) ); 722 totaloutlen += outlen; 723 TEST_ASSERT( totaloutlen == length || 724 ( totaloutlen % block_size == 0 && 725 totaloutlen > length && 726 totaloutlen <= length + block_size ) ); 727 728 /* decode the previously encoded string */ 729 second_length = totaloutlen - first_length; 730 TEST_ASSERT( 0 == mbedtls_cipher_update( &ctx_dec, encbuf, first_length, decbuf, &outlen ) ); 731 TEST_ASSERT( (size_t)first_decrypt_output_len == outlen ); 732 totaloutlen = outlen; 733 TEST_ASSERT( 0 == mbedtls_cipher_update( &ctx_dec, encbuf + first_length, second_length, decbuf + totaloutlen, &outlen ) ); 734 TEST_ASSERT( (size_t)second_decrypt_output_len == outlen ); 735 totaloutlen += outlen; 736 737 TEST_ASSERT( totaloutlen == length || 738 ( totaloutlen % block_size == 0 && 739 totaloutlen < length && 740 totaloutlen + block_size >= length ) ); 741 742 TEST_ASSERT( 0 == mbedtls_cipher_finish( &ctx_dec, decbuf + totaloutlen, &outlen ) ); 743 totaloutlen += outlen; 744 745 TEST_ASSERT( totaloutlen == length ); 746 747 TEST_ASSERT( 0 == memcmp(inbuf, decbuf, length) ); 748 749exit: 750 mbedtls_cipher_free( &ctx_dec ); 751 mbedtls_cipher_free( &ctx_enc ); 752} 753/* END_CASE */ 754 755/* BEGIN_CASE */ 756void decrypt_test_vec( int cipher_id, int pad_mode, data_t * key, 757 data_t * iv, data_t * cipher, 758 data_t * clear, data_t * ad, data_t * tag, 759 int finish_result, int tag_result ) 760{ 761 unsigned char output[265]; 762 mbedtls_cipher_context_t ctx; 763 size_t outlen, total_len; 764 765 mbedtls_cipher_init( &ctx ); 766 767 memset( output, 0x00, sizeof( output ) ); 768 769#if !defined(MBEDTLS_GCM_C) && !defined(MBEDTLS_CHACHAPOLY_C) 770 ((void) ad); 771 ((void) tag); 772#endif 773 774 /* Prepare context */ 775 TEST_ASSERT( 0 == mbedtls_cipher_setup( &ctx, 776 mbedtls_cipher_info_from_type( cipher_id ) ) ); 777 TEST_ASSERT( 0 == mbedtls_cipher_setkey( &ctx, key->x, 8 * key->len, MBEDTLS_DECRYPT ) ); 778#if defined(MBEDTLS_CIPHER_MODE_WITH_PADDING) 779 if( pad_mode != -1 ) 780 TEST_ASSERT( 0 == mbedtls_cipher_set_padding_mode( &ctx, pad_mode ) ); 781#else 782 (void) pad_mode; 783#endif /* MBEDTLS_CIPHER_MODE_WITH_PADDING */ 784 TEST_ASSERT( 0 == mbedtls_cipher_set_iv( &ctx, iv->x, iv->len ) ); 785 TEST_ASSERT( 0 == mbedtls_cipher_reset( &ctx ) ); 786#if defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CHACHAPOLY_C) 787 TEST_ASSERT( 0 == mbedtls_cipher_update_ad( &ctx, ad->x, ad->len ) ); 788#endif 789 790 /* decode buffer and check tag->x */ 791 total_len = 0; 792 TEST_ASSERT( 0 == mbedtls_cipher_update( &ctx, cipher->x, cipher->len, output, &outlen ) ); 793 total_len += outlen; 794 TEST_ASSERT( finish_result == mbedtls_cipher_finish( &ctx, output + outlen, 795 &outlen ) ); 796 total_len += outlen; 797#if defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CHACHAPOLY_C) 798 TEST_ASSERT( tag_result == mbedtls_cipher_check_tag( &ctx, tag->x, tag->len ) ); 799#endif 800 801 /* check plaintext only if everything went fine */ 802 if( 0 == finish_result && 0 == tag_result ) 803 { 804 TEST_ASSERT( total_len == clear->len ); 805 TEST_ASSERT( 0 == memcmp( output, clear->x, clear->len ) ); 806 } 807 808exit: 809 mbedtls_cipher_free( &ctx ); 810} 811/* END_CASE */ 812 813/* BEGIN_CASE depends_on:MBEDTLS_CIPHER_AUTH_CRYPT */ 814void auth_crypt_tv( int cipher_id, data_t * key, data_t * iv, 815 data_t * ad, data_t * cipher, data_t * tag, 816 char * result, data_t * clear, int use_psa ) 817{ 818 /* 819 * Take an AEAD ciphertext + tag and perform a pair 820 * of AEAD decryption and AEAD encryption. Check that 821 * this results in the expected plaintext, and that 822 * decryption and encryption are inverse to one another. 823 */ 824 825 int ret; 826 int using_nist_kw, using_nist_kw_padding; 827 828 mbedtls_cipher_context_t ctx; 829 size_t outlen; 830 831 unsigned char *cipher_plus_tag = NULL; 832 size_t cipher_plus_tag_len; 833 unsigned char *decrypt_buf = NULL; 834 size_t decrypt_buf_len = 0; 835 unsigned char *encrypt_buf = NULL; 836 size_t encrypt_buf_len = 0; 837 838 /* Null pointers are documented as valid for inputs of length 0. 839 * The test framework passes non-null pointers, so set them to NULL. 840 * key, cipher and tag can't be empty. */ 841 if( iv->len == 0 ) 842 iv->x = NULL; 843 if( ad->len == 0 ) 844 ad->x = NULL; 845 if( clear->len == 0 ) 846 clear->x = NULL; 847 848 mbedtls_cipher_init( &ctx ); 849 850 /* Initialize PSA Crypto */ 851#if defined(MBEDTLS_USE_PSA_CRYPTO) 852 if( use_psa == 1 ) 853 PSA_ASSERT( psa_crypto_init( ) ); 854#else 855 (void) use_psa; 856#endif 857 858 /* 859 * Are we using NIST_KW? with padding? 860 */ 861 using_nist_kw_padding = cipher_id == MBEDTLS_CIPHER_AES_128_KWP || 862 cipher_id == MBEDTLS_CIPHER_AES_192_KWP || 863 cipher_id == MBEDTLS_CIPHER_AES_256_KWP; 864 using_nist_kw = cipher_id == MBEDTLS_CIPHER_AES_128_KW || 865 cipher_id == MBEDTLS_CIPHER_AES_192_KW || 866 cipher_id == MBEDTLS_CIPHER_AES_256_KW || 867 using_nist_kw_padding; 868 869 /* 870 * Prepare context for decryption 871 */ 872 if( ! cipher_reset_key( &ctx, cipher_id, use_psa, tag->len, key, 873 MBEDTLS_DECRYPT ) ) 874 goto exit; 875 876 /* 877 * prepare buffer for decryption 878 * (we need the tag appended to the ciphertext) 879 */ 880 cipher_plus_tag_len = cipher->len + tag->len; 881 ASSERT_ALLOC( cipher_plus_tag, cipher_plus_tag_len ); 882 memcpy( cipher_plus_tag, cipher->x, cipher->len ); 883 memcpy( cipher_plus_tag + cipher->len, tag->x, tag->len ); 884 885 /* 886 * Compute length of output buffer according to the documentation 887 */ 888 if( using_nist_kw ) 889 decrypt_buf_len = cipher_plus_tag_len - 8; 890 else 891 decrypt_buf_len = cipher_plus_tag_len - tag->len; 892 893 894 /* 895 * Try decrypting to a buffer that's 1B too small 896 */ 897 if( decrypt_buf_len != 0 ) 898 { 899 ASSERT_ALLOC( decrypt_buf, decrypt_buf_len - 1 ); 900 901 outlen = 0; 902 ret = mbedtls_cipher_auth_decrypt_ext( &ctx, iv->x, iv->len, 903 ad->x, ad->len, cipher_plus_tag, cipher_plus_tag_len, 904 decrypt_buf, decrypt_buf_len - 1, &outlen, tag->len ); 905 TEST_ASSERT( ret == MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ); 906 907 mbedtls_free( decrypt_buf ); 908 decrypt_buf = NULL; 909 } 910 911 /* 912 * Authenticate and decrypt, and check result 913 */ 914 ASSERT_ALLOC( decrypt_buf, decrypt_buf_len ); 915 916 outlen = 0; 917 ret = mbedtls_cipher_auth_decrypt_ext( &ctx, iv->x, iv->len, 918 ad->x, ad->len, cipher_plus_tag, cipher_plus_tag_len, 919 decrypt_buf, decrypt_buf_len, &outlen, tag->len ); 920 921 if( strcmp( result, "FAIL" ) == 0 ) 922 { 923 TEST_ASSERT( ret == MBEDTLS_ERR_CIPHER_AUTH_FAILED ); 924 TEST_ASSERT( buffer_is_all_zero( decrypt_buf, decrypt_buf_len ) ); 925 } 926 else 927 { 928 TEST_ASSERT( ret == 0 ); 929 ASSERT_COMPARE( decrypt_buf, outlen, clear->x, clear->len ); 930 } 931 932 mbedtls_free( decrypt_buf ); 933 decrypt_buf = NULL; 934 935 /* 936 * Encrypt back if test data was authentic 937 */ 938 if( strcmp( result, "FAIL" ) != 0 ) 939 { 940 /* prepare context for encryption */ 941 if( ! cipher_reset_key( &ctx, cipher_id, use_psa, tag->len, key, 942 MBEDTLS_ENCRYPT ) ) 943 goto exit; 944 945 /* 946 * Compute size of output buffer according to documentation 947 */ 948 if( using_nist_kw ) 949 { 950 encrypt_buf_len = clear->len + 8; 951 if( using_nist_kw_padding && encrypt_buf_len % 8 != 0 ) 952 encrypt_buf_len += 8 - encrypt_buf_len % 8; 953 } 954 else 955 { 956 encrypt_buf_len = clear->len + tag->len; 957 } 958 959 /* 960 * Try encrypting with an output buffer that's 1B too small 961 */ 962 ASSERT_ALLOC( encrypt_buf, encrypt_buf_len - 1 ); 963 964 outlen = 0; 965 ret = mbedtls_cipher_auth_encrypt_ext( &ctx, iv->x, iv->len, 966 ad->x, ad->len, clear->x, clear->len, 967 encrypt_buf, encrypt_buf_len - 1, &outlen, tag->len ); 968 TEST_ASSERT( ret != 0 ); 969 970 mbedtls_free( encrypt_buf ); 971 encrypt_buf = NULL; 972 973 /* 974 * Encrypt and check the result 975 */ 976 ASSERT_ALLOC( encrypt_buf, encrypt_buf_len ); 977 978 outlen = 0; 979 ret = mbedtls_cipher_auth_encrypt_ext( &ctx, iv->x, iv->len, 980 ad->x, ad->len, clear->x, clear->len, 981 encrypt_buf, encrypt_buf_len, &outlen, tag->len ); 982 TEST_ASSERT( ret == 0 ); 983 984 TEST_ASSERT( outlen == cipher->len + tag->len ); 985 TEST_ASSERT( memcmp( encrypt_buf, cipher->x, cipher->len ) == 0 ); 986 TEST_ASSERT( memcmp( encrypt_buf + cipher->len, 987 tag->x, tag->len ) == 0 ); 988 989 mbedtls_free( encrypt_buf ); 990 encrypt_buf = NULL; 991 } 992 993exit: 994 995 mbedtls_cipher_free( &ctx ); 996 mbedtls_free( decrypt_buf ); 997 mbedtls_free( encrypt_buf ); 998 mbedtls_free( cipher_plus_tag ); 999 1000#if defined(MBEDTLS_USE_PSA_CRYPTO) 1001 if( use_psa == 1 ) 1002 PSA_DONE( ); 1003#endif /* MBEDTLS_USE_PSA_CRYPTO */ 1004} 1005/* END_CASE */ 1006 1007/* BEGIN_CASE */ 1008void test_vec_ecb( int cipher_id, int operation, data_t * key, 1009 data_t * input, data_t * result, int finish_result 1010 ) 1011{ 1012 mbedtls_cipher_context_t ctx; 1013 unsigned char output[32]; 1014 size_t outlen; 1015 1016 mbedtls_cipher_init( &ctx ); 1017 1018 memset( output, 0x00, sizeof( output ) ); 1019 1020 /* Prepare context */ 1021 TEST_ASSERT( 0 == mbedtls_cipher_setup( &ctx, 1022 mbedtls_cipher_info_from_type( cipher_id ) ) ); 1023 1024 1025 TEST_ASSERT( 0 == mbedtls_cipher_setkey( &ctx, key->x, 8 * key->len, operation ) ); 1026 1027 TEST_ASSERT( 0 == mbedtls_cipher_update( &ctx, input->x, 1028 mbedtls_cipher_get_block_size( &ctx ), 1029 output, &outlen ) ); 1030 TEST_ASSERT( outlen == mbedtls_cipher_get_block_size( &ctx ) ); 1031 TEST_ASSERT( finish_result == mbedtls_cipher_finish( &ctx, output + outlen, 1032 &outlen ) ); 1033 TEST_ASSERT( 0 == outlen ); 1034 1035 /* check plaintext only if everything went fine */ 1036 if( 0 == finish_result ) 1037 TEST_ASSERT( 0 == memcmp( output, result->x, 1038 mbedtls_cipher_get_block_size( &ctx ) ) ); 1039 1040exit: 1041 mbedtls_cipher_free( &ctx ); 1042} 1043/* END_CASE */ 1044 1045/* BEGIN_CASE depends_on:MBEDTLS_CIPHER_MODE_WITH_PADDING */ 1046void test_vec_crypt( int cipher_id, int operation, data_t *key, 1047 data_t *iv, data_t *input, data_t *result, 1048 int finish_result, int use_psa ) 1049{ 1050 mbedtls_cipher_context_t ctx; 1051 unsigned char output[32]; 1052 size_t outlen; 1053 1054 mbedtls_cipher_init( &ctx ); 1055 1056 memset( output, 0x00, sizeof( output ) ); 1057 1058 /* Prepare context */ 1059#if !defined(MBEDTLS_USE_PSA_CRYPTO) 1060 (void) use_psa; 1061#else 1062 if( use_psa == 1 ) 1063 { 1064 PSA_ASSERT( psa_crypto_init( ) ); 1065 TEST_ASSERT( 0 == mbedtls_cipher_setup_psa( &ctx, 1066 mbedtls_cipher_info_from_type( cipher_id ), 0 ) ); 1067 } 1068 else 1069#endif /* MBEDTLS_USE_PSA_CRYPTO */ 1070 TEST_ASSERT( 0 == mbedtls_cipher_setup( &ctx, 1071 mbedtls_cipher_info_from_type( cipher_id ) ) ); 1072 1073 TEST_ASSERT( 0 == mbedtls_cipher_setkey( &ctx, key->x, 8 * key->len, operation ) ); 1074 if( MBEDTLS_MODE_CBC == ctx.cipher_info->mode ) 1075 TEST_ASSERT( 0 == mbedtls_cipher_set_padding_mode( &ctx, MBEDTLS_PADDING_NONE ) ); 1076 1077 TEST_ASSERT( finish_result == mbedtls_cipher_crypt( &ctx, iv->len ? iv->x : NULL, 1078 iv->len, input->x, input->len, 1079 output, &outlen ) ); 1080 TEST_ASSERT( result->len == outlen ); 1081 /* check plaintext only if everything went fine */ 1082 if( 0 == finish_result ) 1083 TEST_ASSERT( 0 == memcmp( output, result->x, outlen ) ); 1084 1085exit: 1086 mbedtls_cipher_free( &ctx ); 1087#if defined(MBEDTLS_USE_PSA_CRYPTO) 1088 PSA_DONE( ); 1089#endif /* MBEDTLS_USE_PSA_CRYPTO */ 1090} 1091/* END_CASE */ 1092 1093/* BEGIN_CASE depends_on:MBEDTLS_CIPHER_MODE_WITH_PADDING */ 1094void set_padding( int cipher_id, int pad_mode, int ret ) 1095{ 1096 const mbedtls_cipher_info_t *cipher_info; 1097 mbedtls_cipher_context_t ctx; 1098 1099 mbedtls_cipher_init( &ctx ); 1100 1101 cipher_info = mbedtls_cipher_info_from_type( cipher_id ); 1102 TEST_ASSERT( NULL != cipher_info ); 1103 TEST_ASSERT( 0 == mbedtls_cipher_setup( &ctx, cipher_info ) ); 1104 1105 TEST_ASSERT( ret == mbedtls_cipher_set_padding_mode( &ctx, pad_mode ) ); 1106 1107exit: 1108 mbedtls_cipher_free( &ctx ); 1109} 1110/* END_CASE */ 1111 1112/* BEGIN_CASE depends_on:MBEDTLS_CIPHER_MODE_CBC */ 1113void check_padding( int pad_mode, data_t * input, int ret, int dlen_check 1114 ) 1115{ 1116 mbedtls_cipher_info_t cipher_info; 1117 mbedtls_cipher_context_t ctx; 1118 size_t dlen; 1119 1120 /* build a fake context just for getting access to get_padding */ 1121 mbedtls_cipher_init( &ctx ); 1122 cipher_info.mode = MBEDTLS_MODE_CBC; 1123 ctx.cipher_info = &cipher_info; 1124 1125 TEST_ASSERT( 0 == mbedtls_cipher_set_padding_mode( &ctx, pad_mode ) ); 1126 1127 1128 TEST_ASSERT( ret == ctx.get_padding( input->x, input->len, &dlen ) ); 1129 if( 0 == ret ) 1130 TEST_ASSERT( dlen == (size_t) dlen_check ); 1131} 1132/* END_CASE */ 1133