1/* BEGIN_HEADER */ 2#include "mbedtls/ccm.h" 3 4/* Use the multipart interface to process the encrypted data in two parts 5 * and check that the output matches the expected output. 6 * The context must have been set up with the key. */ 7static int check_multipart( mbedtls_ccm_context *ctx, 8 int mode, 9 const data_t *iv, 10 const data_t *add, 11 const data_t *input, 12 const data_t *expected_output, 13 const data_t *tag, 14 size_t n1, 15 size_t n1_add) 16{ 17 int ok = 0; 18 uint8_t *output = NULL; 19 size_t n2 = input->len - n1; 20 size_t n2_add = add->len - n1_add; 21 size_t olen; 22 23 /* Sanity checks on the test data */ 24 TEST_ASSERT( n1 <= input->len ); 25 TEST_ASSERT( n1_add <= add->len ); 26 TEST_EQUAL( input->len, expected_output->len ); 27 TEST_EQUAL( 0, mbedtls_ccm_starts( ctx, mode, iv->x, iv->len ) ); 28 TEST_EQUAL( 0, mbedtls_ccm_set_lengths( ctx, add->len, input->len, tag->len ) ); 29 TEST_EQUAL( 0, mbedtls_ccm_update_ad( ctx, add->x, n1_add) ); 30 TEST_EQUAL( 0, mbedtls_ccm_update_ad( ctx, add->x + n1_add, n2_add ) ); 31 32 /* Allocate a tight buffer for each update call. This way, if the function 33 * tries to write beyond the advertised required buffer size, this will 34 * count as an overflow for memory sanitizers and static checkers. */ 35 ASSERT_ALLOC( output, n1 ); 36 olen = 0xdeadbeef; 37 TEST_EQUAL( 0, mbedtls_ccm_update( ctx, input->x, n1, output, n1, &olen ) ); 38 TEST_EQUAL( n1, olen ); 39 ASSERT_COMPARE( output, olen, expected_output->x, n1 ); 40 mbedtls_free( output ); 41 output = NULL; 42 43 ASSERT_ALLOC( output, n2 ); 44 olen = 0xdeadbeef; 45 TEST_EQUAL( 0, mbedtls_ccm_update( ctx, input->x + n1, n2, output, n2, &olen ) ); 46 TEST_EQUAL( n2, olen ); 47 ASSERT_COMPARE( output, olen, expected_output->x + n1, n2 ); 48 mbedtls_free( output ); 49 output = NULL; 50 51 ASSERT_ALLOC( output, tag->len ); 52 TEST_EQUAL( 0, mbedtls_ccm_finish( ctx, output, tag->len ) ); 53 ASSERT_COMPARE( output, tag->len, tag->x, tag->len ); 54 mbedtls_free( output ); 55 output = NULL; 56 57 ok = 1; 58exit: 59 mbedtls_free( output ); 60 return( ok ); 61} 62/* END_HEADER */ 63 64/* BEGIN_DEPENDENCIES 65 * depends_on:MBEDTLS_CCM_C 66 * END_DEPENDENCIES 67 */ 68 69/* BEGIN_CASE depends_on:MBEDTLS_SELF_TEST:MBEDTLS_AES_C */ 70void mbedtls_ccm_self_test( ) 71{ 72 TEST_ASSERT( mbedtls_ccm_self_test( 1 ) == 0 ); 73} 74/* END_CASE */ 75 76/* BEGIN_CASE */ 77void mbedtls_ccm_setkey( int cipher_id, int key_size, int result ) 78{ 79 mbedtls_ccm_context ctx; 80 unsigned char key[32]; 81 int ret; 82 83 mbedtls_ccm_init( &ctx ); 84 85 memset( key, 0x2A, sizeof( key ) ); 86 TEST_ASSERT( (unsigned) key_size <= 8 * sizeof( key ) ); 87 88 ret = mbedtls_ccm_setkey( &ctx, cipher_id, key, key_size ); 89 TEST_ASSERT( ret == result ); 90 91exit: 92 mbedtls_ccm_free( &ctx ); 93} 94/* END_CASE */ 95 96/* BEGIN_CASE depends_on:MBEDTLS_AES_C */ 97void ccm_lengths( int msg_len, int iv_len, int add_len, int tag_len, int res ) 98{ 99 mbedtls_ccm_context ctx; 100 unsigned char key[16]; 101 unsigned char msg[10]; 102 unsigned char iv[14]; 103 unsigned char *add = NULL; 104 unsigned char out[10]; 105 unsigned char tag[18]; 106 int decrypt_ret; 107 108 mbedtls_ccm_init( &ctx ); 109 110 ASSERT_ALLOC_WEAK( add, add_len ); 111 memset( key, 0, sizeof( key ) ); 112 memset( msg, 0, sizeof( msg ) ); 113 memset( iv, 0, sizeof( iv ) ); 114 memset( out, 0, sizeof( out ) ); 115 memset( tag, 0, sizeof( tag ) ); 116 117 TEST_ASSERT( mbedtls_ccm_setkey( &ctx, MBEDTLS_CIPHER_ID_AES, 118 key, 8 * sizeof( key ) ) == 0 ); 119 120 TEST_ASSERT( mbedtls_ccm_encrypt_and_tag( &ctx, msg_len, iv, iv_len, add, add_len, 121 msg, out, tag, tag_len ) == res ); 122 123 decrypt_ret = mbedtls_ccm_auth_decrypt( &ctx, msg_len, iv, iv_len, add, add_len, 124 msg, out, tag, tag_len ); 125 126 if( res == 0 ) 127 TEST_ASSERT( decrypt_ret == MBEDTLS_ERR_CCM_AUTH_FAILED ); 128 else 129 TEST_ASSERT( decrypt_ret == res ); 130 131exit: 132 mbedtls_free( add ); 133 mbedtls_ccm_free( &ctx ); 134} 135/* END_CASE */ 136 137/* BEGIN_CASE depends_on:MBEDTLS_AES_C */ 138void ccm_star_lengths( int msg_len, int iv_len, int add_len, int tag_len, 139 int res ) 140{ 141 mbedtls_ccm_context ctx; 142 unsigned char key[16]; 143 unsigned char msg[10]; 144 unsigned char iv[14]; 145 unsigned char add[10]; 146 unsigned char out[10]; 147 unsigned char tag[18]; 148 int decrypt_ret; 149 150 mbedtls_ccm_init( &ctx ); 151 152 memset( key, 0, sizeof( key ) ); 153 memset( msg, 0, sizeof( msg ) ); 154 memset( iv, 0, sizeof( iv ) ); 155 memset( add, 0, sizeof( add ) ); 156 memset( out, 0, sizeof( out ) ); 157 memset( tag, 0, sizeof( tag ) ); 158 159 TEST_ASSERT( mbedtls_ccm_setkey( &ctx, MBEDTLS_CIPHER_ID_AES, 160 key, 8 * sizeof( key ) ) == 0 ); 161 162 TEST_ASSERT( mbedtls_ccm_star_encrypt_and_tag( &ctx, msg_len, iv, iv_len, 163 add, add_len, msg, out, tag, tag_len ) == res ); 164 165 decrypt_ret = mbedtls_ccm_star_auth_decrypt( &ctx, msg_len, iv, iv_len, add, 166 add_len, msg, out, tag, tag_len ); 167 168 if( res == 0 && tag_len != 0 ) 169 TEST_ASSERT( decrypt_ret == MBEDTLS_ERR_CCM_AUTH_FAILED ); 170 else 171 TEST_ASSERT( decrypt_ret == res ); 172 173exit: 174 mbedtls_ccm_free( &ctx ); 175} 176/* END_CASE */ 177 178/* BEGIN_CASE */ 179void mbedtls_ccm_encrypt_and_tag( int cipher_id, data_t * key, 180 data_t * msg, data_t * iv, 181 data_t * add, data_t * result ) 182{ 183 mbedtls_ccm_context ctx; 184 size_t n1, n1_add; 185 uint8_t* io_msg_buf = NULL; 186 uint8_t* tag_buf = NULL; 187 const size_t expected_tag_len = result->len - msg->len; 188 const uint8_t* expected_tag = result->x + msg->len; 189 190 /* Prepare input/output message buffer */ 191 ASSERT_ALLOC( io_msg_buf, msg->len ); 192 if( msg->len != 0 ) 193 memcpy( io_msg_buf, msg->x, msg->len ); 194 195 /* Prepare tag buffer */ 196 ASSERT_ALLOC( tag_buf, expected_tag_len ); 197 198 mbedtls_ccm_init( &ctx ); 199 TEST_EQUAL( mbedtls_ccm_setkey( &ctx, cipher_id, key->x, key->len * 8 ), 0 ); 200 /* Test with input == output */ 201 TEST_EQUAL( mbedtls_ccm_encrypt_and_tag( &ctx, msg->len, iv->x, iv->len, add->x, add->len, 202 io_msg_buf, io_msg_buf, tag_buf, expected_tag_len ), 0); 203 204 ASSERT_COMPARE( io_msg_buf, msg->len, result->x, msg->len ); 205 ASSERT_COMPARE( tag_buf, expected_tag_len, expected_tag, expected_tag_len ); 206 207 /* Prepare data_t structures for multipart testing */ 208 const data_t encrypted_expected = { .x = result->x, 209 .len = msg->len }; 210 const data_t tag_expected = { .x = (uint8_t*) expected_tag, /* cast to conform with data_t x type */ 211 .len = expected_tag_len }; 212 213 for( n1 = 0; n1 <= msg->len; n1 += 1 ) 214 { 215 for( n1_add = 0; n1_add <= add->len; n1_add += 1 ) 216 { 217 mbedtls_test_set_step( n1 * 10000 + n1_add ); 218 if( !check_multipart( &ctx, MBEDTLS_CCM_ENCRYPT, 219 iv, add, msg, 220 &encrypted_expected, 221 &tag_expected, 222 n1, n1_add ) ) 223 goto exit; 224 } 225 } 226 227exit: 228 mbedtls_ccm_free( &ctx ); 229 mbedtls_free( io_msg_buf ); 230 mbedtls_free( tag_buf ); 231} 232/* END_CASE */ 233 234/* BEGIN_CASE */ 235void mbedtls_ccm_star_no_tag( int cipher_id, int mode, data_t * key, 236 data_t * msg, data_t * iv, data_t * result ) 237{ 238 mbedtls_ccm_context ctx; 239 uint8_t *output = NULL; 240 size_t olen; 241 242 mbedtls_ccm_init( &ctx ); 243 TEST_EQUAL( mbedtls_ccm_setkey( &ctx, cipher_id, key->x, key->len * 8 ), 0 ); 244 TEST_EQUAL( 0, mbedtls_ccm_starts( &ctx, mode, iv->x, iv->len ) ); 245 TEST_EQUAL( 0, mbedtls_ccm_set_lengths( &ctx, 0, msg->len, 0 ) ); 246 247 ASSERT_ALLOC( output, msg->len ); 248 TEST_EQUAL( 0, mbedtls_ccm_update( &ctx, msg->x, msg->len, output, msg->len, &olen ) ); 249 TEST_EQUAL( result->len, olen ); 250 ASSERT_COMPARE( output, olen, result->x, result->len ); 251 252 TEST_EQUAL( 0, mbedtls_ccm_finish( &ctx, NULL, 0 ) ); 253exit: 254 mbedtls_free(output); 255 mbedtls_ccm_free( &ctx ); 256} 257/* END_CASE */ 258 259/* BEGIN_CASE */ 260void mbedtls_ccm_auth_decrypt( int cipher_id, data_t * key, 261 data_t * msg, data_t * iv, 262 data_t * add, int expected_tag_len, int result, 263 data_t * expected_msg ) 264{ 265 mbedtls_ccm_context ctx; 266 size_t n1, n1_add; 267 268 const size_t expected_msg_len = msg->len - expected_tag_len; 269 const uint8_t* expected_tag = msg->x + expected_msg_len; 270 271 /* Prepare input/output message buffer */ 272 uint8_t* io_msg_buf = NULL; 273 ASSERT_ALLOC( io_msg_buf, expected_msg_len ); 274 if( expected_msg_len ) 275 memcpy( io_msg_buf, msg->x, expected_msg_len ); 276 277 mbedtls_ccm_init( &ctx ); 278 TEST_EQUAL( mbedtls_ccm_setkey( &ctx, cipher_id, key->x, key->len * 8 ), 0 ); 279 /* Test with input == output */ 280 TEST_EQUAL( mbedtls_ccm_auth_decrypt( &ctx, expected_msg_len, iv->x, iv->len, add->x, add->len, 281 io_msg_buf, io_msg_buf, expected_tag, expected_tag_len ), result ); 282 283 if( result == 0 ) 284 { 285 ASSERT_COMPARE( io_msg_buf, expected_msg_len, expected_msg->x, expected_msg_len ); 286 287 /* Prepare data_t structures for multipart testing */ 288 const data_t encrypted = { .x = msg->x, 289 .len = expected_msg_len }; 290 291 const data_t tag_expected = { .x = (uint8_t*) expected_tag, 292 .len = expected_tag_len }; 293 294 for( n1 = 0; n1 <= expected_msg_len; n1 += 1 ) 295 { 296 for( n1_add = 0; n1_add <= add->len; n1_add += 1 ) 297 { 298 mbedtls_test_set_step( n1 * 10000 + n1_add ); 299 if( !check_multipart( &ctx, MBEDTLS_CCM_DECRYPT, 300 iv, add, &encrypted, 301 expected_msg, 302 &tag_expected, 303 n1, n1_add ) ) 304 goto exit; 305 } 306 } 307 } 308 else 309 { 310 size_t i; 311 312 for( i = 0; i < expected_msg_len; i++ ) 313 TEST_EQUAL( io_msg_buf[i], 0 ); 314 } 315 316exit: 317 mbedtls_free(io_msg_buf); 318 mbedtls_ccm_free( &ctx ); 319} 320/* END_CASE */ 321 322/* BEGIN_CASE */ 323void mbedtls_ccm_star_encrypt_and_tag( int cipher_id, 324 data_t *key, data_t *msg, 325 data_t *source_address, data_t *frame_counter, 326 int sec_level, data_t *add, 327 data_t *expected_result, int output_ret ) 328{ 329 unsigned char iv[13]; 330 mbedtls_ccm_context ctx; 331 size_t iv_len, expected_tag_len; 332 size_t n1, n1_add; 333 uint8_t* io_msg_buf = NULL; 334 uint8_t* tag_buf = NULL; 335 336 const uint8_t* expected_tag = expected_result->x + msg->len; 337 338 /* Calculate tag length */ 339 if( sec_level % 4 == 0) 340 expected_tag_len = 0; 341 else 342 expected_tag_len = 1 << ( sec_level % 4 + 1); 343 344 /* Prepare input/output message buffer */ 345 ASSERT_ALLOC( io_msg_buf, msg->len ); 346 if( msg->len ) 347 memcpy( io_msg_buf, msg->x, msg->len ); 348 349 /* Prepare tag buffer */ 350 if( expected_tag_len == 0 ) 351 ASSERT_ALLOC( tag_buf, 16 ); 352 else 353 ASSERT_ALLOC( tag_buf, expected_tag_len ); 354 355 /* Calculate iv */ 356 TEST_ASSERT( source_address->len == 8 ); 357 TEST_ASSERT( frame_counter->len == 4 ); 358 memcpy( iv, source_address->x, source_address->len ); 359 memcpy( iv + source_address->len, frame_counter->x, frame_counter->len ); 360 iv[source_address->len + frame_counter->len] = sec_level; 361 iv_len = sizeof( iv ); 362 363 mbedtls_ccm_init( &ctx ); 364 TEST_EQUAL( mbedtls_ccm_setkey( &ctx, cipher_id, 365 key->x, key->len * 8 ), 0 ); 366 /* Test with input == output */ 367 TEST_EQUAL( mbedtls_ccm_star_encrypt_and_tag( &ctx, msg->len, iv, iv_len, 368 add->x, add->len, io_msg_buf, 369 io_msg_buf, tag_buf, expected_tag_len), output_ret ); 370 371 ASSERT_COMPARE( io_msg_buf, msg->len, expected_result->x, msg->len ); 372 ASSERT_COMPARE( tag_buf, expected_tag_len, expected_tag, expected_tag_len ); 373 374 if( output_ret == 0 ) 375 { 376 const data_t iv_data = { .x = iv, 377 .len = iv_len }; 378 379 const data_t encrypted_expected = { .x = expected_result->x, 380 .len = msg->len }; 381 const data_t tag_expected = { .x = (uint8_t*)expected_tag, 382 .len = expected_tag_len }; 383 384 for( n1 = 0; n1 <= msg->len; n1 += 1 ) 385 { 386 for( n1_add = 0; n1_add <= add->len; n1_add += 1 ) 387 { 388 mbedtls_test_set_step( n1 * 10000 + n1_add ); 389 if( !check_multipart( &ctx, MBEDTLS_CCM_STAR_ENCRYPT, 390 &iv_data, add, msg, 391 &encrypted_expected, 392 &tag_expected, 393 n1, n1_add ) ) 394 goto exit; 395 } 396 } 397 } 398 399exit: 400 mbedtls_ccm_free( &ctx ); 401 mbedtls_free( io_msg_buf ); 402 mbedtls_free( tag_buf ); 403} 404/* END_CASE */ 405 406/* BEGIN_CASE */ 407void mbedtls_ccm_star_auth_decrypt( int cipher_id, 408 data_t *key, data_t *msg, 409 data_t *source_address, data_t *frame_counter, 410 int sec_level, data_t *add, 411 data_t *expected_result, int output_ret ) 412{ 413 unsigned char iv[13]; 414 mbedtls_ccm_context ctx; 415 size_t iv_len, expected_tag_len; 416 size_t n1, n1_add; 417 418 /* Calculate tag length */ 419 if( sec_level % 4 == 0) 420 expected_tag_len = 0; 421 else 422 expected_tag_len = 1 << ( sec_level % 4 + 1); 423 424 const size_t expected_msg_len = msg->len - expected_tag_len; 425 const uint8_t* expected_tag = msg->x + expected_msg_len; 426 427 /* Prepare input/output message buffer */ 428 uint8_t* io_msg_buf = NULL; 429 ASSERT_ALLOC( io_msg_buf, expected_msg_len ); 430 if( expected_msg_len ) 431 memcpy( io_msg_buf, msg->x, expected_msg_len ); 432 433 /* Calculate iv */ 434 memset( iv, 0x00, sizeof( iv ) ); 435 TEST_ASSERT( source_address->len == 8 ); 436 TEST_ASSERT( frame_counter->len == 4 ); 437 memcpy( iv, source_address->x, source_address->len ); 438 memcpy( iv + source_address->len, frame_counter->x, frame_counter->len ); 439 iv[source_address->len + frame_counter->len] = sec_level; 440 iv_len = sizeof( iv ); 441 442 mbedtls_ccm_init( &ctx ); 443 TEST_ASSERT( mbedtls_ccm_setkey( &ctx, cipher_id, key->x, key->len * 8 ) == 0 ); 444 /* Test with input == output */ 445 TEST_EQUAL( mbedtls_ccm_star_auth_decrypt( &ctx, expected_msg_len, iv, iv_len, 446 add->x, add->len, io_msg_buf, io_msg_buf, 447 expected_tag, expected_tag_len ), output_ret ); 448 449 ASSERT_COMPARE( io_msg_buf, expected_msg_len, expected_result->x, expected_msg_len ); 450 451 if( output_ret == 0 ) 452 { 453 const data_t iv_data = { .x = iv, 454 .len = iv_len }; 455 456 const data_t encrypted = { .x = msg->x, 457 .len = expected_msg_len} ; 458 459 const data_t tag_expected = { .x = (uint8_t*) expected_tag, 460 .len = expected_tag_len }; 461 462 for( n1 = 0; n1 <= expected_msg_len; n1 += 1 ) 463 { 464 for( n1_add = 0; n1_add <= add->len; n1_add += 1 ) 465 { 466 mbedtls_test_set_step( n1 * 10000 + n1_add ); 467 if( !check_multipart( &ctx, MBEDTLS_CCM_STAR_DECRYPT, 468 &iv_data, add, &encrypted, 469 expected_result, 470 &tag_expected, 471 n1, n1_add ) ) 472 goto exit; 473 } 474 } 475 } 476 477exit: 478 mbedtls_ccm_free( &ctx ); 479 mbedtls_free( io_msg_buf ); 480} 481/* END_CASE */ 482 483/* Skip auth data, provide full text */ 484/* BEGIN_CASE */ 485void mbedtls_ccm_skip_ad( int cipher_id, int mode, 486 data_t * key, data_t * msg, data_t * iv, 487 data_t * result, data_t * tag ) 488{ 489 mbedtls_ccm_context ctx; 490 uint8_t *output = NULL; 491 size_t olen; 492 493 /* Sanity checks on the test data */ 494 TEST_EQUAL( msg->len, result->len ); 495 496 mbedtls_ccm_init( &ctx ); 497 TEST_EQUAL( mbedtls_ccm_setkey( &ctx, cipher_id, key->x, key->len * 8 ), 0 ); 498 TEST_EQUAL( 0, mbedtls_ccm_starts( &ctx, mode, iv->x, iv->len ) ); 499 TEST_EQUAL( 0, mbedtls_ccm_set_lengths( &ctx, 0, msg->len, tag->len ) ); 500 501 ASSERT_ALLOC( output, result->len ); 502 olen = 0xdeadbeef; 503 TEST_EQUAL( 0, mbedtls_ccm_update( &ctx, msg->x, msg->len, output, result->len, &olen ) ); 504 TEST_EQUAL( result->len, olen ); 505 ASSERT_COMPARE( output, olen, result->x, result->len ); 506 mbedtls_free( output ); 507 output = NULL; 508 509 ASSERT_ALLOC( output, tag->len ); 510 TEST_EQUAL( 0, mbedtls_ccm_finish( &ctx, output, tag->len ) ); 511 ASSERT_COMPARE( output, tag->len, tag->x, tag->len ); 512 mbedtls_free( output ); 513 output = NULL; 514 515exit: 516 mbedtls_free( output ); 517 mbedtls_ccm_free( &ctx ); 518} 519/* END_CASE */ 520 521/* Provide auth data, skip full text */ 522/* BEGIN_CASE */ 523void mbedtls_ccm_skip_update( int cipher_id, int mode, 524 data_t * key, data_t * iv, data_t* add, 525 data_t * tag ) 526{ 527 mbedtls_ccm_context ctx; 528 uint8_t *output = NULL; 529 530 mbedtls_ccm_init( &ctx ); 531 TEST_EQUAL( mbedtls_ccm_setkey( &ctx, cipher_id, key->x, key->len * 8 ), 0 ); 532 TEST_EQUAL( 0, mbedtls_ccm_starts( &ctx, mode, iv->x, iv->len ) ); 533 TEST_EQUAL( 0, mbedtls_ccm_set_lengths( &ctx, add->len, 0, tag->len ) ); 534 535 TEST_EQUAL( 0, mbedtls_ccm_update_ad( &ctx, add->x, add->len) ); 536 537 ASSERT_ALLOC( output, tag->len ); 538 TEST_EQUAL( 0, mbedtls_ccm_finish( &ctx, output, tag->len ) ); 539 ASSERT_COMPARE( output, tag->len, tag->x, tag->len ); 540 mbedtls_free( output ); 541 output = NULL; 542 543exit: 544 mbedtls_free( output ); 545 mbedtls_ccm_free( &ctx ); 546} 547/* END_CASE */ 548 549/* Provide too much auth data */ 550/* BEGIN_CASE */ 551void mbedtls_ccm_overflow_ad( int cipher_id, int mode, 552 data_t * key, data_t * iv, 553 data_t * add ) 554{ 555 mbedtls_ccm_context ctx; 556 557 mbedtls_ccm_init( &ctx ); 558 TEST_EQUAL( mbedtls_ccm_setkey( &ctx, cipher_id, key->x, key->len * 8 ), 0 ); 559 TEST_EQUAL( 0, mbedtls_ccm_starts( &ctx, mode, iv->x, iv->len ) ); 560 // use hardcoded values for msg length and tag length. They are not a part of this test 561 // subtract 1 from configured auth data length to provoke an overflow 562 TEST_EQUAL( 0, mbedtls_ccm_set_lengths( &ctx, add->len - 1, 16, 16 ) ); 563 564 TEST_EQUAL( MBEDTLS_ERR_CCM_BAD_INPUT, mbedtls_ccm_update_ad( &ctx, add->x, add->len) ); 565exit: 566 mbedtls_ccm_free( &ctx ); 567} 568/* END_CASE */ 569 570/* Provide unexpected auth data */ 571/* BEGIN_CASE */ 572void mbedtls_ccm_unexpected_ad( int cipher_id, int mode, 573 data_t * key, data_t * iv, 574 data_t * add ) 575{ 576 mbedtls_ccm_context ctx; 577 578 mbedtls_ccm_init( &ctx ); 579 TEST_EQUAL( mbedtls_ccm_setkey( &ctx, cipher_id, key->x, key->len * 8 ), 0 ); 580 TEST_EQUAL( 0, mbedtls_ccm_starts( &ctx, mode, iv->x, iv->len ) ); 581 // use hardcoded values for msg length and tag length. They are not a part of this test 582 TEST_EQUAL( 0, mbedtls_ccm_set_lengths( &ctx, 0, 16, 16 ) ); 583 584 TEST_EQUAL( MBEDTLS_ERR_CCM_BAD_INPUT, mbedtls_ccm_update_ad( &ctx, add->x, add->len) ); 585exit: 586 mbedtls_ccm_free( &ctx ); 587} 588/* END_CASE */ 589 590/* Provide unexpected plaintext/ciphertext data */ 591/* BEGIN_CASE */ 592void mbedtls_ccm_unexpected_text( int cipher_id, int mode, 593 data_t * key, data_t * msg, data_t * iv, 594 data_t * add ) 595{ 596 mbedtls_ccm_context ctx; 597 uint8_t *output = NULL; 598 size_t olen; 599 600 mbedtls_ccm_init( &ctx ); 601 TEST_EQUAL( mbedtls_ccm_setkey( &ctx, cipher_id, key->x, key->len * 8 ), 0 ); 602 TEST_EQUAL( 0, mbedtls_ccm_starts( &ctx, mode, iv->x, iv->len ) ); 603 // use hardcoded value for tag length. It is not a part of this test 604 TEST_EQUAL( 0, mbedtls_ccm_set_lengths( &ctx, add->len, 0, 16 ) ); 605 606 TEST_EQUAL( 0, mbedtls_ccm_update_ad( &ctx, add->x, add->len) ); 607 608 ASSERT_ALLOC( output, msg->len ); 609 olen = 0xdeadbeef; 610 TEST_EQUAL( MBEDTLS_ERR_CCM_BAD_INPUT, mbedtls_ccm_update( &ctx, msg->x, msg->len, output, msg->len, &olen ) ); 611exit: 612 mbedtls_free( output ); 613 mbedtls_ccm_free( &ctx ); 614} 615/* END_CASE */ 616 617/* Provide incomplete auth data and finish */ 618/* BEGIN_CASE */ 619void mbedtls_ccm_incomplete_ad( int cipher_id, int mode, 620 data_t * key, data_t * iv, data_t* add ) 621{ 622 mbedtls_ccm_context ctx; 623 uint8_t *output = NULL; 624 625 mbedtls_ccm_init( &ctx ); 626 TEST_EQUAL( mbedtls_ccm_setkey( &ctx, cipher_id, key->x, key->len * 8 ), 0 ); 627 TEST_EQUAL( 0, mbedtls_ccm_starts( &ctx, mode, iv->x, iv->len ) ); 628 // use hardcoded values for msg length and tag length. They are not a part of this test 629 TEST_EQUAL( 0, mbedtls_ccm_set_lengths( &ctx, add->len, 0, 16 ) ); 630 631 TEST_EQUAL( 0, mbedtls_ccm_update_ad( &ctx, add->x, add->len - 1) ); 632 633 ASSERT_ALLOC( output, 16 ); 634 TEST_EQUAL( MBEDTLS_ERR_CCM_BAD_INPUT, mbedtls_ccm_finish( &ctx, output, 16 ) ); 635 636exit: 637 mbedtls_free( output ); 638 mbedtls_ccm_free( &ctx ); 639} 640/* END_CASE */ 641 642/* Provide complete auth data on first update_ad. 643 * Provide unexpected auth data on second update_ad */ 644/* BEGIN_CASE */ 645void mbedtls_ccm_full_ad_and_overflow( int cipher_id, int mode, 646 data_t * key, data_t * iv, 647 data_t * add ) 648{ 649 mbedtls_ccm_context ctx; 650 651 mbedtls_ccm_init( &ctx ); 652 TEST_EQUAL( mbedtls_ccm_setkey( &ctx, cipher_id, key->x, key->len * 8 ), 0 ); 653 TEST_EQUAL( 0, mbedtls_ccm_starts( &ctx, mode, iv->x, iv->len ) ); 654 // use hardcoded values for msg length and tag length. They are not a part of this test 655 TEST_EQUAL( 0, mbedtls_ccm_set_lengths( &ctx, add->len, 16, 16 ) ); 656 657 // pass full auth data 658 TEST_EQUAL( 0, mbedtls_ccm_update_ad( &ctx, add->x, add->len) ); 659 // pass 1 extra byte 660 TEST_EQUAL( MBEDTLS_ERR_CCM_BAD_INPUT, mbedtls_ccm_update_ad( &ctx, add->x, 1) ); 661exit: 662 mbedtls_ccm_free( &ctx ); 663} 664/* END_CASE */ 665 666/* Provide incomplete auth data on first update_ad. 667 * Provide too much auth data on second update_ad */ 668/* BEGIN_CASE */ 669void mbedtls_ccm_incomplete_ad_and_overflow( int cipher_id, int mode, 670 data_t * key, data_t * iv, 671 data_t * add ) 672{ 673 mbedtls_ccm_context ctx; 674 uint8_t add_second_buffer[2]; 675 676 add_second_buffer[0] = add->x[ add->len - 1 ]; 677 add_second_buffer[1] = 0xAB; // some magic value 678 679 mbedtls_ccm_init( &ctx ); 680 TEST_EQUAL( mbedtls_ccm_setkey( &ctx, cipher_id, key->x, key->len * 8 ), 0 ); 681 TEST_EQUAL( 0, mbedtls_ccm_starts( &ctx, mode, iv->x, iv->len ) ); 682 // use hardcoded values for msg length and tag length. They are not a part of this test 683 TEST_EQUAL( 0, mbedtls_ccm_set_lengths( &ctx, add->len, 16, 16 ) ); 684 685 // pass incomplete auth data 686 TEST_EQUAL( 0, mbedtls_ccm_update_ad( &ctx, add->x, add->len - 1) ); 687 // pass 2 extra bytes (1 missing byte from previous incomplete pass, and 1 unexpected byte) 688 TEST_EQUAL( MBEDTLS_ERR_CCM_BAD_INPUT, mbedtls_ccm_update_ad( &ctx, add_second_buffer, 2) ); 689exit: 690 mbedtls_ccm_free( &ctx ); 691} 692/* END_CASE */ 693 694/* Provide too much plaintext/ciphertext */ 695/* BEGIN_CASE */ 696void mbedtls_ccm_overflow_update( int cipher_id, int mode, 697 data_t * key, data_t * msg, data_t * iv, 698 data_t * add ) 699{ 700 mbedtls_ccm_context ctx; 701 uint8_t *output = NULL; 702 size_t olen; 703 704 mbedtls_ccm_init( &ctx ); 705 TEST_EQUAL( mbedtls_ccm_setkey( &ctx, cipher_id, key->x, key->len * 8 ), 0 ); 706 TEST_EQUAL( 0, mbedtls_ccm_starts( &ctx, mode, iv->x, iv->len ) ); 707 // use hardcoded value for tag length. It is a not a part of this test 708 // subtract 1 from configured msg length to provoke an overflow 709 TEST_EQUAL( 0, mbedtls_ccm_set_lengths( &ctx, add->len, msg->len - 1, 16 ) ); 710 711 TEST_EQUAL( 0, mbedtls_ccm_update_ad( &ctx, add->x, add->len) ); 712 713 ASSERT_ALLOC( output, msg->len ); 714 TEST_EQUAL( MBEDTLS_ERR_CCM_BAD_INPUT, \ 715 mbedtls_ccm_update( &ctx, msg->x, msg->len, output, msg->len, &olen ) ); 716exit: 717 mbedtls_free( output ); 718 mbedtls_ccm_free( &ctx ); 719} 720/* END_CASE */ 721 722/* Provide incomplete plaintext/ciphertext and finish */ 723/* BEGIN_CASE */ 724void mbedtls_ccm_incomplete_update( int cipher_id, int mode, 725 data_t * key, data_t * msg, data_t * iv, 726 data_t * add ) 727{ 728 mbedtls_ccm_context ctx; 729 uint8_t *output = NULL; 730 size_t olen; 731 732 mbedtls_ccm_init( &ctx ); 733 TEST_EQUAL( mbedtls_ccm_setkey( &ctx, cipher_id, key->x, key->len * 8 ), 0 ); 734 TEST_EQUAL( 0, mbedtls_ccm_starts( &ctx, mode, iv->x, iv->len ) ); 735 // use hardcoded value for tag length. It is not a part of this test 736 TEST_EQUAL( 0, mbedtls_ccm_set_lengths( &ctx, add->len, msg->len, 16 ) ); 737 738 TEST_EQUAL( 0, mbedtls_ccm_update_ad( &ctx, add->x, add->len) ); 739 740 ASSERT_ALLOC( output, msg->len ); 741 olen = 0xdeadbeef; 742 TEST_EQUAL( 0, mbedtls_ccm_update( &ctx, msg->x, msg->len - 1, output, msg->len, &olen ) ); 743 mbedtls_free( output ); 744 output = NULL; 745 746 ASSERT_ALLOC( output, 16 ); 747 TEST_EQUAL( MBEDTLS_ERR_CCM_BAD_INPUT, mbedtls_ccm_finish( &ctx, output, 16 ) ); 748 749exit: 750 mbedtls_free( output ); 751 mbedtls_ccm_free( &ctx ); 752} 753/* END_CASE */ 754 755/* Provide full plaintext/ciphertext of first update 756 * Provide unexpected plaintext/ciphertext on second update */ 757/* BEGIN_CASE */ 758void mbedtls_ccm_full_update_and_overflow( int cipher_id, int mode, 759 data_t * key, data_t * msg, data_t * iv, 760 data_t * add ) 761{ 762 mbedtls_ccm_context ctx; 763 uint8_t *output = NULL; 764 size_t olen; 765 766 mbedtls_ccm_init( &ctx ); 767 TEST_EQUAL( mbedtls_ccm_setkey( &ctx, cipher_id, key->x, key->len * 8 ), 0 ); 768 TEST_EQUAL( 0, mbedtls_ccm_starts( &ctx, mode, iv->x, iv->len ) ); 769 // use hardcoded value for tag length. It is a not a part of this test 770 TEST_EQUAL( 0, mbedtls_ccm_set_lengths( &ctx, add->len, msg->len, 16 ) ); 771 772 TEST_EQUAL( 0, mbedtls_ccm_update_ad( &ctx, add->x, add->len) ); 773 774 ASSERT_ALLOC( output, msg->len ); 775 // pass full text 776 TEST_EQUAL( 0, mbedtls_ccm_update( &ctx, msg->x, msg->len, output, msg->len, &olen ) ); 777 // pass 1 extra byte 778 TEST_EQUAL( MBEDTLS_ERR_CCM_BAD_INPUT, \ 779 mbedtls_ccm_update( &ctx, msg->x, 1, output, 1, &olen ) ); 780exit: 781 mbedtls_free( output ); 782 mbedtls_ccm_free( &ctx ); 783} 784/* END_CASE */ 785 786/* Provide incomplete plaintext/ciphertext of first update 787 * Provide too much plaintext/ciphertext on second update */ 788/* BEGIN_CASE */ 789void mbedtls_ccm_incomplete_update_overflow( int cipher_id, int mode, 790 data_t * key, data_t * msg, data_t * iv, 791 data_t * add ) 792{ 793 mbedtls_ccm_context ctx; 794 uint8_t *output = NULL; 795 size_t olen; 796 uint8_t msg_second_buffer[2]; 797 798 msg_second_buffer[0] = msg->x[ msg->len - 1 ]; 799 msg_second_buffer[1] = 0xAB; // some magic value 800 801 mbedtls_ccm_init( &ctx ); 802 TEST_EQUAL( mbedtls_ccm_setkey( &ctx, cipher_id, key->x, key->len * 8 ), 0 ); 803 TEST_EQUAL( 0, mbedtls_ccm_starts( &ctx, mode, iv->x, iv->len ) ); 804 // use hardcoded value for tag length. It is a not a part of this test 805 TEST_EQUAL( 0, mbedtls_ccm_set_lengths( &ctx, add->len, msg->len, 16 ) ); 806 807 TEST_EQUAL( 0, mbedtls_ccm_update_ad( &ctx, add->x, add->len) ); 808 809 ASSERT_ALLOC( output, msg->len + 1 ); 810 // pass incomplete text 811 TEST_EQUAL( 0, mbedtls_ccm_update( &ctx, msg->x, msg->len - 1, output, msg->len + 1, &olen ) ); 812 // pass 2 extra bytes (1 missing byte from previous incomplete pass, and 1 unexpected byte) 813 TEST_EQUAL( MBEDTLS_ERR_CCM_BAD_INPUT, \ 814 mbedtls_ccm_update( &ctx, msg_second_buffer, 2, output + msg->len - 1, 2, &olen ) ); 815exit: 816 mbedtls_free( output ); 817 mbedtls_ccm_free( &ctx ); 818} 819/* END_CASE */ 820 821/* Finish without passing any auth data or plaintext/ciphertext input */ 822/* BEGIN_CASE */ 823void mbedtls_ccm_instant_finish( int cipher_id, int mode, 824 data_t * key, data_t * iv ) 825{ 826 mbedtls_ccm_context ctx; 827 uint8_t *output = NULL; 828 829 mbedtls_ccm_init( &ctx ); 830 TEST_EQUAL( mbedtls_ccm_setkey( &ctx, cipher_id, key->x, key->len * 8 ), 0 ); 831 TEST_EQUAL( 0, mbedtls_ccm_starts( &ctx, mode, iv->x, iv->len ) ); 832 // use hardcoded values for add length, msg length and tag length. 833 // They are not a part of this test 834 TEST_EQUAL( 0, mbedtls_ccm_set_lengths( &ctx, 16, 16, 16 ) ); 835 836 ASSERT_ALLOC( output, 16 ); 837 TEST_EQUAL( MBEDTLS_ERR_CCM_BAD_INPUT, mbedtls_ccm_finish( &ctx, output, 16 ) ); 838 839exit: 840 mbedtls_free( output ); 841 mbedtls_ccm_free( &ctx ); 842} 843/* END_CASE */ 844