diff --git a/tests/suites/test_suite_cipher.aes.data b/tests/suites/test_suite_cipher.aes.data index c42fc7911..6293408d4 100644 --- a/tests/suites/test_suite_cipher.aes.data +++ b/tests/suites/test_suite_cipher.aes.data @@ -1,6 +1,10 @@ -Decrypt empty buffer +AES-128 CBC - Decrypt empty buffer depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 -dec_empty_buf:MBEDTLS_CIPHER_AES_128_CBC +dec_empty_buf:MBEDTLS_CIPHER_AES_128_CBC:0:0 + +AES-128 XTS - Decrypt empty buffer +depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_XTS +dec_empty_buf:MBEDTLS_CIPHER_AES_128_XTS:MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH:0 AES-128 CBC - Encrypt and decrypt 0 bytes with PKCS7 padding depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 diff --git a/tests/suites/test_suite_cipher.arc4.data b/tests/suites/test_suite_cipher.arc4.data index 6e69b811f..adeed83c5 100644 --- a/tests/suites/test_suite_cipher.arc4.data +++ b/tests/suites/test_suite_cipher.arc4.data @@ -1,3 +1,7 @@ +ARC4 Decrypt empty buffer +depends_on:MBEDTLS_ARC4_C +dec_empty_buf:MBEDTLS_CIPHER_ARC4_128:0:0 + ARC4 Encrypt and decrypt 0 bytes depends_on:MBEDTLS_ARC4_C enc_dec_buf:MBEDTLS_CIPHER_ARC4_128:"ARC4-128":128:0:-1 diff --git a/tests/suites/test_suite_cipher.aria.data b/tests/suites/test_suite_cipher.aria.data new file mode 100644 index 000000000..2c50a21fc --- /dev/null +++ b/tests/suites/test_suite_cipher.aria.data @@ -0,0 +1,3 @@ +Aria CBC Decrypt empty buffer +depends_on:MBEDTLS_ARIA_C:MBEDTLS_CIPHER_MODE_CBC +dec_empty_buf:MBEDTLS_CIPHER_ARIA_128_CBC:0:0 diff --git a/tests/suites/test_suite_cipher.blowfish.data b/tests/suites/test_suite_cipher.blowfish.data index b94bc4704..bbb39343b 100644 --- a/tests/suites/test_suite_cipher.blowfish.data +++ b/tests/suites/test_suite_cipher.blowfish.data @@ -1,3 +1,7 @@ +BLOWFISH CBC Decrypt empty buffer +depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +dec_empty_buf:MBEDTLS_CIPHER_BLOWFISH_CBC:0:0 + BLOWFISH Encrypt and decrypt 0 bytes depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 enc_dec_buf:MBEDTLS_CIPHER_BLOWFISH_CBC:"BLOWFISH-CBC":128:0:-1 diff --git a/tests/suites/test_suite_cipher.camellia.data b/tests/suites/test_suite_cipher.camellia.data index e6342da2b..8fbbbe91e 100644 --- a/tests/suites/test_suite_cipher.camellia.data +++ b/tests/suites/test_suite_cipher.camellia.data @@ -1,3 +1,7 @@ +CAMELLIA CBC Decrypt empty buffer +depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +dec_empty_buf:MBEDTLS_CIPHER_CAMELLIA_128_CBC:0:0 + CAMELLIA Encrypt and decrypt 0 bytes depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 enc_dec_buf:MBEDTLS_CIPHER_CAMELLIA_128_CBC:"CAMELLIA-128-CBC":128:0:-1 diff --git a/tests/suites/test_suite_cipher.chachapoly.data b/tests/suites/test_suite_cipher.chachapoly.data index ccd0dfb57..8c246adb4 100644 --- a/tests/suites/test_suite_cipher.chachapoly.data +++ b/tests/suites/test_suite_cipher.chachapoly.data @@ -1,6 +1,6 @@ Decrypt empty buffer depends_on:MBEDTLS_CHACHAPOLY_C -dec_empty_buf:MBEDTLS_CIPHER_CHACHA20_POLY1305 +dec_empty_buf:MBEDTLS_CIPHER_CHACHA20_POLY1305:0:0 ChaCha20+Poly1305 Encrypt and decrypt 0 bytes depends_on:MBEDTLS_CHACHAPOLY_C diff --git a/tests/suites/test_suite_cipher.des.data b/tests/suites/test_suite_cipher.des.data index ba9020eab..c272a3e33 100644 --- a/tests/suites/test_suite_cipher.des.data +++ b/tests/suites/test_suite_cipher.des.data @@ -1,3 +1,15 @@ +DES CBC Decrypt empty buffer +depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +dec_empty_buf:MBEDTLS_CIPHER_DES_CBC:0:0 + +DES EDE CBC Decrypt empty buffer +depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +dec_empty_buf:MBEDTLS_CIPHER_DES_EDE_CBC:0:0 + +DES EDE3 CBC Decrypt empty buffer +depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +dec_empty_buf:MBEDTLS_CIPHER_DES_EDE3_CBC:0:0 + DES Encrypt and decrypt 0 bytes depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 enc_dec_buf:MBEDTLS_CIPHER_DES_CBC:"DES-CBC":64:0:-1 diff --git a/tests/suites/test_suite_cipher.function b/tests/suites/test_suite_cipher.function index f6367f175..8405f69c7 100644 --- a/tests/suites/test_suite_cipher.function +++ b/tests/suites/test_suite_cipher.function @@ -1,6 +1,10 @@ /* BEGIN_HEADER */ #include "mbedtls/cipher.h" +#if defined(MBEDTLS_AES_C) +#include "mbedtls/aes.h" +#endif + #if defined(MBEDTLS_GCM_C) #include "mbedtls/gcm.h" #endif @@ -715,7 +719,9 @@ exit: /* END_CASE */ /* BEGIN_CASE */ -void dec_empty_buf( int cipher ) +void dec_empty_buf( int cipher, + int expected_update_ret, + int expected_finish_ret ) { unsigned char key[32]; unsigned char iv[16]; @@ -728,8 +734,6 @@ void dec_empty_buf( int cipher ) size_t outlen = 0; - int expected_ret; - memset( key, 0, 32 ); memset( iv , 0, 16 ); @@ -758,25 +762,24 @@ void dec_empty_buf( int cipher ) #endif /* decode 0-byte string */ - TEST_ASSERT( 0 == mbedtls_cipher_update( &ctx_dec, encbuf, 0, decbuf, &outlen ) ); + TEST_ASSERT( expected_update_ret == + mbedtls_cipher_update( &ctx_dec, encbuf, 0, decbuf, &outlen ) ); TEST_ASSERT( 0 == outlen ); - if ( cipher_info->mode == MBEDTLS_MODE_CBC || - cipher_info->mode == MBEDTLS_MODE_ECB ) - { - /* CBC and ECB ciphers need a full block of input. */ - expected_ret = MBEDTLS_ERR_CIPHER_FULL_BLOCK_EXPECTED; - } - else + if ( expected_finish_ret == 0 && + ( cipher_info->mode == MBEDTLS_MODE_CBC || + cipher_info->mode == MBEDTLS_MODE_ECB ) ) { /* Non-CBC and non-ECB ciphers are OK with decrypting empty buffers and * return success, not MBEDTLS_ERR_CIPHER_FULL_BLOCK_EXPECTED, when - * decrypting an empty buffer. */ - expected_ret = 0; + * decrypting an empty buffer. + * On the other hand, CBC and ECB ciphers need a full block of input. + */ + expected_finish_ret = MBEDTLS_ERR_CIPHER_FULL_BLOCK_EXPECTED; } - TEST_ASSERT( expected_ret == mbedtls_cipher_finish( - &ctx_dec, decbuf + outlen, &outlen ) ); + TEST_ASSERT( expected_finish_ret == mbedtls_cipher_finish( + &ctx_dec, decbuf + outlen, &outlen ) ); TEST_ASSERT( 0 == outlen ); exit: diff --git a/tests/suites/test_suite_cipher.gcm.data b/tests/suites/test_suite_cipher.gcm.data index 03d08ce32..83889de47 100644 --- a/tests/suites/test_suite_cipher.gcm.data +++ b/tests/suites/test_suite_cipher.gcm.data @@ -1,3 +1,11 @@ +CAMELLIA GCM Decrypt empty buffer +depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_GCM_C +dec_empty_buf:MBEDTLS_CIPHER_CAMELLIA_128_GCM:0:0 + +Aria GCM Decrypt empty buffer +depends_on:MBEDTLS_ARIA_C:MBEDTLS_GCM_C +dec_empty_buf:MBEDTLS_CIPHER_ARIA_128_GCM:0:0 + AES 128 GCM Encrypt and decrypt 0 bytes depends_on:MBEDTLS_AES_C:MBEDTLS_GCM_C enc_dec_buf:MBEDTLS_CIPHER_AES_128_GCM:"AES-128-GCM":128:0:-1 diff --git a/tests/suites/test_suite_cipher.nist_kw.data b/tests/suites/test_suite_cipher.nist_kw.data index 59ef931e3..820189159 100644 --- a/tests/suites/test_suite_cipher.nist_kw.data +++ b/tests/suites/test_suite_cipher.nist_kw.data @@ -1,3 +1,11 @@ +KW AES-128 wrap - Decrypt empty buffer +depends_on:MBEDTLS_AES_C:MBEDTLS_NIST_KW_C +dec_empty_buf:MBEDTLS_CIPHER_AES_128_KW:MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE:MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE + +KWP AES-128 wrap - Decrypt empty buffer +depends_on:MBEDTLS_AES_C:MBEDTLS_NIST_KW_C +dec_empty_buf:MBEDTLS_CIPHER_AES_128_KWP:MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE:MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE + KW AES-128 wrap rfc 3394 depends_on:MBEDTLS_AES_C:MBEDTLS_NIST_KW_C auth_crypt_tv:MBEDTLS_CIPHER_AES_128_KW:"000102030405060708090A0B0C0D0E0F":"":"":"1FA68B0A8112B447AEF34BD8FB5A7B829D3E862371D2CFE5":"":"":"00112233445566778899AABBCCDDEEFF":0 @@ -268,4 +276,3 @@ auth_crypt_tv:MBEDTLS_CIPHER_AES_192_KWP:"21fb6600c1d34a74adee67612672593a86cf23 KWP AES-256 wrap CAVS 17.4 FAIL COUNT 4 CLEN 32 depends_on:MBEDTLS_AES_C:MBEDTLS_NIST_KW_C auth_crypt_tv:MBEDTLS_CIPHER_AES_256_KWP:"c32cb3e1e41a4b9f4de79989957866f5dd48dba38c22a6ebb80e14c84bdd9534":"":"":"c29b05c2619a58ecc1d239e7a34273cd":"":"FAIL":"":0 -