yuzu-emu/mbedtls
1
0
Fork 0
mirror of https://github.com/yuzu-emu/mbedtls.git synced 2024-11-22 17:55:40 +01:00
Code Issues Packages Projects Releases Wiki Activity

Add parameter validation for CCM

Browse Source
This commit is contained in:
k-stachowiak 2018-12-11 12:22:16 +01:00 committed by Gilles Peskine
parent 54b789aa74
commit 26d365eb54
4 changed files with 267 additions and 25 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

53
include/mbedtls/ccm.h
View File

@ -57,7 +57,6 @@
/* MBEDTLS_ERR_CCM_HW_ACCEL_FAILED is deprecated and should not be used. */ /* MBEDTLS_ERR_CCM_HW_ACCEL_FAILED is deprecated and should not be used. */
#define MBEDTLS_ERR_CCM_HW_ACCEL_FAILED -0x0011 /**< CCM hardware accelerator failed. */ #define MBEDTLS_ERR_CCM_HW_ACCEL_FAILED -0x0011 /**< CCM hardware accelerator failed. */
#ifdef __cplusplus #ifdef __cplusplus
extern "C" { extern "C" {
#endif #endif
@ -85,7 +84,7 @@ mbedtls_ccm_context;
* to make references valid, and prepare the context * to make references valid, and prepare the context
* for mbedtls_ccm_setkey() or mbedtls_ccm_free(). * for mbedtls_ccm_setkey() or mbedtls_ccm_free().
* *
* \param ctx The CCM context to initialize. * \param ctx The CCM context to initialize. Must not be NULL.
*/ */
void mbedtls_ccm_init( mbedtls_ccm_context *ctx ); void mbedtls_ccm_init( mbedtls_ccm_context *ctx );
@ -93,9 +92,9 @@ void mbedtls_ccm_init( mbedtls_ccm_context *ctx );
* \brief This function initializes the CCM context set in the * \brief This function initializes the CCM context set in the
* \p ctx parameter and sets the encryption key. * \p ctx parameter and sets the encryption key.
* *
* \param ctx The CCM context to initialize. * \param ctx The CCM context to initialize. Must not be NULL.
* \param cipher The 128-bit block cipher to use. * \param cipher The 128-bit block cipher to use.
* \param key The encryption key. * \param key The encryption key. Must not be NULL.
* \param keybits The key size in bits. This must be acceptable by the cipher. * \param keybits The key size in bits. This must be acceptable by the cipher.
* *
* \return \c 0 on success. * \return \c 0 on success.
@ -110,7 +109,7 @@ int mbedtls_ccm_setkey( mbedtls_ccm_context *ctx,
* \brief This function releases and clears the specified CCM context * \brief This function releases and clears the specified CCM context
* and underlying cipher sub-context. * and underlying cipher sub-context.
* *
* \param ctx The CCM context to clear. * \param ctx The CCM context to clear. Must not be NULL.
*/ */
void mbedtls_ccm_free( mbedtls_ccm_context *ctx ); void mbedtls_ccm_free( mbedtls_ccm_context *ctx );
@ -123,19 +122,20 @@ void mbedtls_ccm_free( mbedtls_ccm_context *ctx );
* \p tag = \p output + \p length, and make sure that the * \p tag = \p output + \p length, and make sure that the
* output buffer is at least \p length + \p tag_len wide. * output buffer is at least \p length + \p tag_len wide.
* *
* \param ctx The CCM context to use for encryption. * \param ctx The CCM context to use for encryption. Must not be NULL.
* \param length The length of the input data in Bytes. * \param length The length of the input data in Bytes.
* \param iv Initialization vector (nonce). * \param iv Initialization vector (nonce). Must not be NULL.
* \param iv_len The length of the nonce in Bytes: 7, 8, 9, 10, 11, 12, * \param iv_len The length of the nonce in Bytes: 7, 8, 9, 10, 11, 12,
* or 13. The length L of the message length field is * or 13. The length L of the message length field is
* 15 - \p iv_len. * 15 - \p iv_len.
* \param add The additional data field. * \param add The additional data field. Must not be NULL.
* \param add_len The length of additional data in Bytes. * \param add_len The length of additional data in Bytes.
* Must be less than 2^16 - 2^8. * Must be less than 2^16 - 2^8.
* \param input The buffer holding the input data. * \param input The buffer holding the input data. Must not be NULL.
* \param output The buffer holding the output data. * \param output The buffer holding the output data.
* Must be at least \p length Bytes wide. * Must be at least \p length Bytes wide.
* \param tag The buffer holding the authentication field. * \param tag The buffer holding the authentication field. Must not be
* NULL.
* \param tag_len The length of the authentication field to generate in Bytes: * \param tag_len The length of the authentication field to generate in Bytes:
* 4, 6, 8, 10, 12, 14 or 16. * 4, 6, 8, 10, 12, 14 or 16.
* *
@ -161,19 +161,20 @@ int mbedtls_ccm_encrypt_and_tag( mbedtls_ccm_context *ctx, size_t length,
* the tag length has to be encoded into the \p iv passed to * the tag length has to be encoded into the \p iv passed to
* this function. * this function.
* *
* \param ctx The CCM context to use for encryption. * \param ctx The CCM context to use for encryption. Must not be NULL.
* \param length The length of the input data in Bytes. * \param length The length of the input data in Bytes.
* \param iv Initialization vector (nonce). * \param iv Initialization vector (nonce). Must not be NULL.
* \param iv_len The length of the nonce in Bytes: 7, 8, 9, 10, 11, 12, * \param iv_len The length of the nonce in Bytes: 7, 8, 9, 10, 11, 12,
* or 13. The length L of the message length field is * or 13. The length L of the message length field is
* 15 - \p iv_len. * 15 - \p iv_len.
* \param add The additional data field. * \param add The additional data field. Must not be NULL.
* \param add_len The length of additional data in Bytes. * \param add_len The length of additional data in Bytes.
* Must be less than 2^16 - 2^8. * Must be less than 2^16 - 2^8.
* \param input The buffer holding the input data. * \param input The buffer holding the input data. Must not be NULL.
* \param output The buffer holding the output data. * \param output The buffer holding the output data.
* Must be at least \p length Bytes wide. * Must be at least \p length Bytes wide.
* \param tag The buffer holding the authentication field. * \param tag The buffer holding the authentication field. Must not be
* NULL.
* \param tag_len The length of the authentication field to generate in Bytes: * \param tag_len The length of the authentication field to generate in Bytes:
* 0, 4, 6, 8, 10, 12, 14 or 16. * 0, 4, 6, 8, 10, 12, 14 or 16.
* *
@ -193,19 +194,20 @@ int mbedtls_ccm_star_encrypt_and_tag( mbedtls_ccm_context *ctx, size_t length,
* \brief This function performs a CCM authenticated decryption of a * \brief This function performs a CCM authenticated decryption of a
* buffer. * buffer.
* *
* \param ctx The CCM context to use for decryption. * \param ctx The CCM context to use for decryption. Must not be NULL.
* \param length The length of the input data in Bytes. * \param length The length of the input data in Bytes.
* \param iv Initialization vector (nonce). * \param iv Initialization vector (nonce). Must not be NULL.
* \param iv_len The length of the nonce in Bytes: 7, 8, 9, 10, 11, 12, * \param iv_len The length of the nonce in Bytes: 7, 8, 9, 10, 11, 12,
* or 13. The length L of the message length field is * or 13. The length L of the message length field is
* 15 - \p iv_len. * 15 - \p iv_len.
* \param add The additional data field. * \param add The additional data field. Must not be NULL.
* \param add_len The length of additional data in Bytes. * \param add_len The length of additional data in Bytes.
* Must be less than 2^16 - 2^8. * Must be less than 2^16 - 2^8.
* \param input The buffer holding the input data. * \param input The buffer holding the input data. Must not be NULL.
* \param output The buffer holding the output data. * \param output The buffer holding the output data.
* Must be at least \p length Bytes wide. * Must be at least \p length Bytes wide.
* \param tag The buffer holding the authentication field. * \param tag The buffer holding the authentication field. Must not be
* NULL.
* \param tag_len The length of the authentication field in Bytes. * \param tag_len The length of the authentication field in Bytes.
* 4, 6, 8, 10, 12, 14 or 16. * 4, 6, 8, 10, 12, 14 or 16.
* *
@ -228,19 +230,20 @@ int mbedtls_ccm_auth_decrypt( mbedtls_ccm_context *ctx, size_t length,
* this function as \p tag_len. (\p tag needs to be adjusted * this function as \p tag_len. (\p tag needs to be adjusted
* accordingly.) * accordingly.)
* *
* \param ctx The CCM context to use for decryption. * \param ctx The CCM context to use for decryption. Must not be NULL.
* \param length The length of the input data in Bytes. * \param length The length of the input data in Bytes.
* \param iv Initialization vector (nonce). * \param iv Initialization vector (nonce). Must not be NULL.
* \param iv_len The length of the nonce in Bytes: 7, 8, 9, 10, 11, 12, * \param iv_len The length of the nonce in Bytes: 7, 8, 9, 10, 11, 12,
* or 13. The length L of the message length field is * or 13. The length L of the message length field is
* 15 - \p iv_len. * 15 - \p iv_len.
* \param add The additional data field. * \param add The additional data field. Must not be NULL.
* \param add_len The length of additional data in Bytes. * \param add_len The length of additional data in Bytes.
* Must be less than 2^16 - 2^8. * Must be less than 2^16 - 2^8.
* \param input The buffer holding the input data. * \param input The buffer holding the input data. Must not be NULL.
* \param output The buffer holding the output data. * \param output The buffer holding the output data.
* Must be at least \p length Bytes wide. * Must be at least \p length Bytes wide.
* \param tag The buffer holding the authentication field. * \param tag The buffer holding the authentication field. Must not be
* NULL.
* \param tag_len The length of the authentication field in Bytes. * \param tag_len The length of the authentication field in Bytes.
* 0, 4, 6, 8, 10, 12, 14 or 16. * 0, 4, 6, 8, 10, 12, 14 or 16.
* *

29
library/ccm.c
View File

@ -52,6 +52,11 @@
#if !defined(MBEDTLS_CCM_ALT) #if !defined(MBEDTLS_CCM_ALT)
#define CCM_VALIDATE_RET( cond ) \
MBEDTLS_INTERNAL_VALIDATE_RET( cond, MBEDTLS_ERR_CCM_BAD_INPUT )
#define CCM_VALIDATE( cond ) \
MBEDTLS_INTERNAL_VALIDATE( cond )
#define CCM_ENCRYPT 0 #define CCM_ENCRYPT 0
#define CCM_DECRYPT 1 #define CCM_DECRYPT 1
@ -60,6 +65,7 @@
*/ */
void mbedtls_ccm_init( mbedtls_ccm_context *ctx ) void mbedtls_ccm_init( mbedtls_ccm_context *ctx )
{ {
CCM_VALIDATE( ctx != NULL );
memset( ctx, 0, sizeof( mbedtls_ccm_context ) ); memset( ctx, 0, sizeof( mbedtls_ccm_context ) );
} }
@ -71,6 +77,9 @@ int mbedtls_ccm_setkey( mbedtls_ccm_context *ctx,
int ret; int ret;
const mbedtls_cipher_info_t *cipher_info; const mbedtls_cipher_info_t *cipher_info;
CCM_VALIDATE_RET( ctx != NULL );
CCM_VALIDATE_RET( key != NULL );
cipher_info = mbedtls_cipher_info_from_values( cipher, keybits, MBEDTLS_MODE_ECB ); cipher_info = mbedtls_cipher_info_from_values( cipher, keybits, MBEDTLS_MODE_ECB );
if( cipher_info == NULL ) if( cipher_info == NULL )
return( MBEDTLS_ERR_CCM_BAD_INPUT ); return( MBEDTLS_ERR_CCM_BAD_INPUT );
@ -97,6 +106,7 @@ int mbedtls_ccm_setkey( mbedtls_ccm_context *ctx,
*/ */
void mbedtls_ccm_free( mbedtls_ccm_context *ctx ) void mbedtls_ccm_free( mbedtls_ccm_context *ctx )
{ {
CCM_VALIDATE( ctx != NULL );
mbedtls_cipher_free( &ctx->cipher_ctx ); mbedtls_cipher_free( &ctx->cipher_ctx );
mbedtls_platform_zeroize( ctx, sizeof( mbedtls_ccm_context ) ); mbedtls_platform_zeroize( ctx, sizeof( mbedtls_ccm_context ) );
} }
@ -310,6 +320,12 @@ int mbedtls_ccm_star_encrypt_and_tag( mbedtls_ccm_context *ctx, size_t length,
const unsigned char *input, unsigned char *output, const unsigned char *input, unsigned char *output,
unsigned char *tag, size_t tag_len ) unsigned char *tag, size_t tag_len )
{ {
CCM_VALIDATE_RET( ctx != NULL );
CCM_VALIDATE_RET( iv != NULL );
CCM_VALIDATE_RET( add != NULL );
CCM_VALIDATE_RET( input != NULL );
CCM_VALIDATE_RET( output != NULL );
CCM_VALIDATE_RET( tag != NULL );
return( ccm_auth_crypt( ctx, CCM_ENCRYPT, length, iv, iv_len, return( ccm_auth_crypt( ctx, CCM_ENCRYPT, length, iv, iv_len,
add, add_len, input, output, tag, tag_len ) ); add, add_len, input, output, tag, tag_len ) );
} }
@ -320,6 +336,12 @@ int mbedtls_ccm_encrypt_and_tag( mbedtls_ccm_context *ctx, size_t length,
const unsigned char *input, unsigned char *output, const unsigned char *input, unsigned char *output,
unsigned char *tag, size_t tag_len ) unsigned char *tag, size_t tag_len )
{ {
CCM_VALIDATE_RET( ctx != NULL );
CCM_VALIDATE_RET( iv != NULL );
CCM_VALIDATE_RET( add != NULL );
CCM_VALIDATE_RET( input != NULL );
CCM_VALIDATE_RET( output != NULL );
CCM_VALIDATE_RET( tag != NULL );
if( tag_len == 0 ) if( tag_len == 0 )
return( MBEDTLS_ERR_CCM_BAD_INPUT ); return( MBEDTLS_ERR_CCM_BAD_INPUT );
@ -341,6 +363,13 @@ int mbedtls_ccm_star_auth_decrypt( mbedtls_ccm_context *ctx, size_t length,
unsigned char i; unsigned char i;
int diff; int diff;
CCM_VALIDATE_RET( ctx != NULL );
CCM_VALIDATE_RET( iv != NULL );
CCM_VALIDATE_RET( add != NULL );
CCM_VALIDATE_RET( input != NULL );
CCM_VALIDATE_RET( output != NULL );
CCM_VALIDATE_RET( tag != NULL );
if( ( ret = ccm_auth_crypt( ctx, CCM_DECRYPT, length, if( ( ret = ccm_auth_crypt( ctx, CCM_DECRYPT, length,
iv, iv_len, add, add_len, iv, iv_len, add, add_len,
input, output, check_tag, tag_len ) ) != 0 ) input, output, check_tag, tag_len ) ) != 0 )

3
tests/suites/test_suite_ccm.data
View File

@ -1,6 +1,9 @@
CCM self test CCM self test
mbedtls_ccm_self_test: mbedtls_ccm_self_test:
CCM - Invalid parameters
ccm_invalid_param:
CCM init #1 AES-128: OK CCM init #1 AES-128: OK
depends_on:MBEDTLS_AES_C depends_on:MBEDTLS_AES_C
mbedtls_ccm_setkey:MBEDTLS_CIPHER_ID_AES:128:0 mbedtls_ccm_setkey:MBEDTLS_CIPHER_ID_AES:128:0

207
tests/suites/test_suite_ccm.function
View File

@ -326,3 +326,210 @@ exit:
mbedtls_ccm_free( &ctx ); mbedtls_ccm_free( &ctx );
} }
/* END_CASE */ /* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_CHECK_PARAMS:!MBEDTLS_PARAM_FAILED_ALT */
void ccm_invalid_param( )
{
struct mbedtls_ccm_context ctx;
unsigned char valid_buffer[] = { 0x01, 0x02, 0x03, 0x04, 0x05, 0x06 };
mbedtls_cipher_id_t valid_cipher = MBEDTLS_CIPHER_ID_AES;
int valid_len = sizeof(valid_buffer);
int valid_bitlen = valid_len * 8;
mbedtls_ccm_init( &ctx );
/* mbedtls_ccm_init() */
TEST_INVALID_PARAM( mbedtls_ccm_init( NULL ) );
/* mbedtls_ccm_setkey() */
TEST_INVALID_PARAM_RET(
MBEDTLS_ERR_CCM_BAD_INPUT,
mbedtls_ccm_setkey( NULL, valid_cipher, valid_buffer, valid_bitlen ) );
TEST_INVALID_PARAM_RET(
MBEDTLS_ERR_CCM_BAD_INPUT,
mbedtls_ccm_setkey( &ctx, valid_cipher, NULL, valid_bitlen ) );
/* mbedtls_ccm_encrypt_and_tag() */
TEST_INVALID_PARAM_RET(
MBEDTLS_ERR_CCM_BAD_INPUT,
mbedtls_ccm_encrypt_and_tag( NULL, valid_len,
valid_buffer, valid_len,
valid_buffer, valid_len,
valid_buffer, valid_buffer,
valid_buffer, valid_len ) );
TEST_INVALID_PARAM_RET(
MBEDTLS_ERR_CCM_BAD_INPUT,
mbedtls_ccm_encrypt_and_tag( &ctx, valid_len,
NULL, valid_len,
valid_buffer, valid_len,
valid_buffer, valid_buffer,
valid_buffer, valid_len ) );
TEST_INVALID_PARAM_RET(
MBEDTLS_ERR_CCM_BAD_INPUT,
mbedtls_ccm_encrypt_and_tag( &ctx, valid_len,
valid_buffer, valid_len,
NULL, valid_len,
valid_buffer, valid_buffer,
valid_buffer, valid_len ) );
TEST_INVALID_PARAM_RET(
MBEDTLS_ERR_CCM_BAD_INPUT,
mbedtls_ccm_encrypt_and_tag( &ctx, valid_len,
valid_buffer, valid_len,
valid_buffer, valid_len,
NULL, valid_buffer,
valid_buffer, valid_len ) );
TEST_INVALID_PARAM_RET(
MBEDTLS_ERR_CCM_BAD_INPUT,
mbedtls_ccm_encrypt_and_tag( &ctx, valid_len,
valid_buffer, valid_len,
valid_buffer, valid_len,
valid_buffer, NULL,
valid_buffer, valid_len ) );
TEST_INVALID_PARAM_RET(
MBEDTLS_ERR_CCM_BAD_INPUT,
mbedtls_ccm_encrypt_and_tag( &ctx, valid_len,
valid_buffer, valid_len,
valid_buffer, valid_len,
valid_buffer, valid_buffer,
NULL, valid_len ) );
/* mbedtls_ccm_star_encrypt_and_tag() */
TEST_INVALID_PARAM_RET(
MBEDTLS_ERR_CCM_BAD_INPUT,
mbedtls_ccm_star_encrypt_and_tag( NULL, valid_len,
valid_buffer, valid_len,
valid_buffer, valid_len,
valid_buffer, valid_buffer,
valid_buffer, valid_len) );
TEST_INVALID_PARAM_RET(
MBEDTLS_ERR_CCM_BAD_INPUT,
mbedtls_ccm_star_encrypt_and_tag( &ctx, valid_len,
NULL, valid_len,
valid_buffer, valid_len,
valid_buffer, valid_buffer,
valid_buffer, valid_len ) );
TEST_INVALID_PARAM_RET(
MBEDTLS_ERR_CCM_BAD_INPUT,
mbedtls_ccm_star_encrypt_and_tag( &ctx, valid_len,
valid_buffer, valid_len,
NULL, valid_len,
valid_buffer, valid_buffer,
valid_buffer, valid_len ) );
TEST_INVALID_PARAM_RET(
MBEDTLS_ERR_CCM_BAD_INPUT,
mbedtls_ccm_star_encrypt_and_tag( &ctx, valid_len,
valid_buffer, valid_len,
valid_buffer, valid_len,
NULL, valid_buffer,
valid_buffer, valid_len ) );
TEST_INVALID_PARAM_RET(
MBEDTLS_ERR_CCM_BAD_INPUT,
mbedtls_ccm_star_encrypt_and_tag( &ctx, valid_len,
valid_buffer, valid_len,
valid_buffer, valid_len,
valid_buffer, NULL,
valid_buffer, valid_len ) );
TEST_INVALID_PARAM_RET(
MBEDTLS_ERR_CCM_BAD_INPUT,
mbedtls_ccm_star_encrypt_and_tag( &ctx, valid_len,
valid_buffer, valid_len,
valid_buffer, valid_len,
valid_buffer, valid_buffer,
NULL, valid_len ) );
/* mbedtls_ccm_auth_decrypt() */
TEST_INVALID_PARAM_RET(
MBEDTLS_ERR_CCM_BAD_INPUT,
mbedtls_ccm_auth_decrypt( NULL, valid_len,
valid_buffer, valid_len,
valid_buffer, valid_len,
valid_buffer, valid_buffer,
valid_buffer, valid_len ) );
TEST_INVALID_PARAM_RET(
MBEDTLS_ERR_CCM_BAD_INPUT,
mbedtls_ccm_auth_decrypt( &ctx, valid_len,
NULL, valid_len,
valid_buffer, valid_len,
valid_buffer, valid_buffer,
valid_buffer, valid_len ) );
TEST_INVALID_PARAM_RET(
MBEDTLS_ERR_CCM_BAD_INPUT,
mbedtls_ccm_auth_decrypt( &ctx, valid_len,
valid_buffer, valid_len,
NULL, valid_len,
valid_buffer, valid_buffer,
valid_buffer, valid_len ) );
TEST_INVALID_PARAM_RET(
MBEDTLS_ERR_CCM_BAD_INPUT,
mbedtls_ccm_auth_decrypt( &ctx, valid_len,
valid_buffer, valid_len,
valid_buffer, valid_len,
NULL, valid_buffer,
valid_buffer, valid_len ) );
TEST_INVALID_PARAM_RET(
MBEDTLS_ERR_CCM_BAD_INPUT,
mbedtls_ccm_auth_decrypt( &ctx, valid_len,
valid_buffer, valid_len,
valid_buffer, valid_len,
valid_buffer, NULL,
valid_buffer, valid_len ) );
TEST_INVALID_PARAM_RET(
MBEDTLS_ERR_CCM_BAD_INPUT,
mbedtls_ccm_auth_decrypt( &ctx, valid_len,
valid_buffer, valid_len,
valid_buffer, valid_len,
valid_buffer, valid_buffer,
NULL, valid_len ) );
/* mbedtls_ccm_star_auth_decrypt() */
TEST_INVALID_PARAM_RET(
MBEDTLS_ERR_CCM_BAD_INPUT,
mbedtls_ccm_star_auth_decrypt( NULL, valid_len,
valid_buffer, valid_len,
valid_buffer, valid_len,
valid_buffer, valid_buffer,
valid_buffer, valid_len ) );
TEST_INVALID_PARAM_RET(
MBEDTLS_ERR_CCM_BAD_INPUT,
mbedtls_ccm_star_auth_decrypt( &ctx, valid_len,
NULL, valid_len,
valid_buffer, valid_len,
valid_buffer, valid_buffer,
valid_buffer, valid_len ) );
TEST_INVALID_PARAM_RET(
MBEDTLS_ERR_CCM_BAD_INPUT,
mbedtls_ccm_star_auth_decrypt( &ctx, valid_len,
valid_buffer, valid_len,
NULL, valid_len,
valid_buffer, valid_buffer,
valid_buffer, valid_len ) );
TEST_INVALID_PARAM_RET(
MBEDTLS_ERR_CCM_BAD_INPUT,
mbedtls_ccm_star_auth_decrypt( &ctx, valid_len,
valid_buffer, valid_len,
valid_buffer, valid_len,
NULL, valid_buffer,
valid_buffer, valid_len ) );
TEST_INVALID_PARAM_RET(
MBEDTLS_ERR_CCM_BAD_INPUT,
mbedtls_ccm_star_auth_decrypt( &ctx, valid_len,
valid_buffer, valid_len,
valid_buffer, valid_len,
valid_buffer, NULL,
valid_buffer, valid_len ) );
TEST_INVALID_PARAM_RET(
MBEDTLS_ERR_CCM_BAD_INPUT,
mbedtls_ccm_star_auth_decrypt( &ctx, valid_len,
valid_buffer, valid_len,
valid_buffer, valid_len,
valid_buffer, valid_buffer,
NULL, valid_len ) );
/* mbedtls_ccm_free() */
TEST_INVALID_PARAM( mbedtls_ccm_free( NULL ) );
exit:
mbedtls_ccm_free( &ctx );
return;
}
/* END_CASE */