From d8727230f7876312d77ee63925cb5c8a845ea049 Mon Sep 17 00:00:00 2001
From: k-stachowiak <krzysiek.stachowiak@gmail.com>
Date: Mon, 29 Jul 2019 17:46:29 +0200
Subject: [PATCH] Add negative tests for empty buffer decoding for certain
 ciphers

---
 tests/suites/test_suite_cipher.aes.data       |  6 +++-
 tests/suites/test_suite_cipher.arc4.data      |  2 +-
 tests/suites/test_suite_cipher.aria.data      |  2 +-
 tests/suites/test_suite_cipher.blowfish.data  |  2 +-
 tests/suites/test_suite_cipher.camellia.data  |  2 +-
 .../suites/test_suite_cipher.chachapoly.data  |  2 +-
 tests/suites/test_suite_cipher.des.data       |  6 ++--
 tests/suites/test_suite_cipher.function       | 33 ++++++++++---------
 tests/suites/test_suite_cipher.gcm.data       |  4 +--
 tests/suites/test_suite_cipher.nist_kw.data   |  9 ++++-
 10 files changed, 41 insertions(+), 27 deletions(-)

diff --git a/tests/suites/test_suite_cipher.aes.data b/tests/suites/test_suite_cipher.aes.data
index b2eb26e9d..6293408d4 100644
--- a/tests/suites/test_suite_cipher.aes.data
+++ b/tests/suites/test_suite_cipher.aes.data
@@ -1,6 +1,10 @@
 AES-128 CBC - Decrypt empty buffer
 depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-dec_empty_buf:MBEDTLS_CIPHER_AES_128_CBC
+dec_empty_buf:MBEDTLS_CIPHER_AES_128_CBC:0:0
+
+AES-128 XTS - Decrypt empty buffer
+depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_XTS
+dec_empty_buf:MBEDTLS_CIPHER_AES_128_XTS:MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH:0
 
 AES-128 CBC - Encrypt and decrypt 0 bytes with PKCS7 padding
 depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
diff --git a/tests/suites/test_suite_cipher.arc4.data b/tests/suites/test_suite_cipher.arc4.data
index d29d2ae9d..adeed83c5 100644
--- a/tests/suites/test_suite_cipher.arc4.data
+++ b/tests/suites/test_suite_cipher.arc4.data
@@ -1,6 +1,6 @@
 ARC4 Decrypt empty buffer
 depends_on:MBEDTLS_ARC4_C
-dec_empty_buf:MBEDTLS_CIPHER_ARC4_128
+dec_empty_buf:MBEDTLS_CIPHER_ARC4_128:0:0
 
 ARC4 Encrypt and decrypt 0 bytes
 depends_on:MBEDTLS_ARC4_C
diff --git a/tests/suites/test_suite_cipher.aria.data b/tests/suites/test_suite_cipher.aria.data
index c1ecafbd1..2c50a21fc 100644
--- a/tests/suites/test_suite_cipher.aria.data
+++ b/tests/suites/test_suite_cipher.aria.data
@@ -1,3 +1,3 @@
 Aria CBC Decrypt empty buffer
 depends_on:MBEDTLS_ARIA_C:MBEDTLS_CIPHER_MODE_CBC
-dec_empty_buf:MBEDTLS_CIPHER_ARIA_128_CBC
+dec_empty_buf:MBEDTLS_CIPHER_ARIA_128_CBC:0:0
diff --git a/tests/suites/test_suite_cipher.blowfish.data b/tests/suites/test_suite_cipher.blowfish.data
index 627c42b74..bbb39343b 100644
--- a/tests/suites/test_suite_cipher.blowfish.data
+++ b/tests/suites/test_suite_cipher.blowfish.data
@@ -1,6 +1,6 @@
 BLOWFISH CBC Decrypt empty buffer
 depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-dec_empty_buf:MBEDTLS_CIPHER_BLOWFISH_CBC
+dec_empty_buf:MBEDTLS_CIPHER_BLOWFISH_CBC:0:0
 
 BLOWFISH Encrypt and decrypt 0 bytes
 depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
diff --git a/tests/suites/test_suite_cipher.camellia.data b/tests/suites/test_suite_cipher.camellia.data
index a078be198..8fbbbe91e 100644
--- a/tests/suites/test_suite_cipher.camellia.data
+++ b/tests/suites/test_suite_cipher.camellia.data
@@ -1,6 +1,6 @@
 CAMELLIA CBC Decrypt empty buffer
 depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-dec_empty_buf:MBEDTLS_CIPHER_CAMELLIA_128_CBC
+dec_empty_buf:MBEDTLS_CIPHER_CAMELLIA_128_CBC:0:0
 
 CAMELLIA Encrypt and decrypt 0 bytes
 depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
diff --git a/tests/suites/test_suite_cipher.chachapoly.data b/tests/suites/test_suite_cipher.chachapoly.data
index ccd0dfb57..8c246adb4 100644
--- a/tests/suites/test_suite_cipher.chachapoly.data
+++ b/tests/suites/test_suite_cipher.chachapoly.data
@@ -1,6 +1,6 @@
 Decrypt empty buffer
 depends_on:MBEDTLS_CHACHAPOLY_C
-dec_empty_buf:MBEDTLS_CIPHER_CHACHA20_POLY1305
+dec_empty_buf:MBEDTLS_CIPHER_CHACHA20_POLY1305:0:0
 
 ChaCha20+Poly1305 Encrypt and decrypt 0 bytes
 depends_on:MBEDTLS_CHACHAPOLY_C
diff --git a/tests/suites/test_suite_cipher.des.data b/tests/suites/test_suite_cipher.des.data
index dbd6809b1..c272a3e33 100644
--- a/tests/suites/test_suite_cipher.des.data
+++ b/tests/suites/test_suite_cipher.des.data
@@ -1,14 +1,14 @@
 DES CBC Decrypt empty buffer
 depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-dec_empty_buf:MBEDTLS_CIPHER_DES_CBC
+dec_empty_buf:MBEDTLS_CIPHER_DES_CBC:0:0
 
 DES EDE CBC Decrypt empty buffer
 depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-dec_empty_buf:MBEDTLS_CIPHER_DES_EDE_CBC
+dec_empty_buf:MBEDTLS_CIPHER_DES_EDE_CBC:0:0
 
 DES EDE3 CBC Decrypt empty buffer
 depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
-dec_empty_buf:MBEDTLS_CIPHER_DES_EDE3_CBC
+dec_empty_buf:MBEDTLS_CIPHER_DES_EDE3_CBC:0:0
 
 DES Encrypt and decrypt 0 bytes
 depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
diff --git a/tests/suites/test_suite_cipher.function b/tests/suites/test_suite_cipher.function
index 1ea14088b..70f4bc120 100644
--- a/tests/suites/test_suite_cipher.function
+++ b/tests/suites/test_suite_cipher.function
@@ -1,6 +1,10 @@
 /* BEGIN_HEADER */
 #include "mbedtls/cipher.h"
 
+#if defined(MBEDTLS_AES_C)
+#include "mbedtls/aes.h"
+#endif
+
 #if defined(MBEDTLS_GCM_C)
 #include "mbedtls/gcm.h"
 #endif
@@ -710,7 +714,9 @@ exit:
 /* END_CASE */
 
 /* BEGIN_CASE */
-void dec_empty_buf( int cipher )
+void dec_empty_buf( int cipher,
+                    int expected_update_ret,
+                    int expected_finish_ret )
 {
     unsigned char key[32];
     unsigned char iv[16];
@@ -723,8 +729,6 @@ void dec_empty_buf( int cipher )
 
     size_t outlen = 0;
 
-    int expected_ret;
-
     memset( key, 0, 32 );
     memset( iv , 0, 16 );
 
@@ -753,25 +757,24 @@ void dec_empty_buf( int cipher )
 #endif
 
     /* decode 0-byte string */
-    TEST_ASSERT( 0 == mbedtls_cipher_update( &ctx_dec, encbuf, 0, decbuf, &outlen ) );
+    TEST_ASSERT( expected_update_ret ==
+                 mbedtls_cipher_update( &ctx_dec, encbuf, 0, decbuf, &outlen ) );
     TEST_ASSERT( 0 == outlen );
 
-    if ( cipher_info->mode == MBEDTLS_MODE_CBC ||
-         cipher_info->mode == MBEDTLS_MODE_ECB )
-    {
-        /* CBC and ECB ciphers need a full block of input. */
-        expected_ret = MBEDTLS_ERR_CIPHER_FULL_BLOCK_EXPECTED;
-    }
-    else
+    if ( expected_finish_ret == 0 &&
+         ( cipher_info->mode == MBEDTLS_MODE_CBC ||
+           cipher_info->mode == MBEDTLS_MODE_ECB ) )
     {
         /* Non-CBC and non-ECB ciphers are OK with decrypting empty buffers and
          * return success, not MBEDTLS_ERR_CIPHER_FULL_BLOCK_EXPECTED, when
-         * decrypting an empty buffer. */
-        expected_ret = 0;
+         * decrypting an empty buffer.
+         * On the other hand, CBC and ECB ciphers need a full block of input.
+         */
+        expected_finish_ret = MBEDTLS_ERR_CIPHER_FULL_BLOCK_EXPECTED;
     }
 
-    TEST_ASSERT( expected_ret == mbedtls_cipher_finish(
-                                    &ctx_dec, decbuf + outlen, &outlen ) );
+    TEST_ASSERT( expected_finish_ret == mbedtls_cipher_finish(
+                                        &ctx_dec, decbuf + outlen, &outlen ) );
     TEST_ASSERT( 0 == outlen );
 
 exit:
diff --git a/tests/suites/test_suite_cipher.gcm.data b/tests/suites/test_suite_cipher.gcm.data
index 11a12c964..83889de47 100644
--- a/tests/suites/test_suite_cipher.gcm.data
+++ b/tests/suites/test_suite_cipher.gcm.data
@@ -1,10 +1,10 @@
 CAMELLIA GCM Decrypt empty buffer
 depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_GCM_C
-dec_empty_buf:MBEDTLS_CIPHER_CAMELLIA_128_GCM
+dec_empty_buf:MBEDTLS_CIPHER_CAMELLIA_128_GCM:0:0
 
 Aria GCM Decrypt empty buffer
 depends_on:MBEDTLS_ARIA_C:MBEDTLS_GCM_C
-dec_empty_buf:MBEDTLS_CIPHER_ARIA_128_GCM
+dec_empty_buf:MBEDTLS_CIPHER_ARIA_128_GCM:0:0
 
 AES 128 GCM Encrypt and decrypt 0 bytes
 depends_on:MBEDTLS_AES_C:MBEDTLS_GCM_C
diff --git a/tests/suites/test_suite_cipher.nist_kw.data b/tests/suites/test_suite_cipher.nist_kw.data
index 59ef931e3..820189159 100644
--- a/tests/suites/test_suite_cipher.nist_kw.data
+++ b/tests/suites/test_suite_cipher.nist_kw.data
@@ -1,3 +1,11 @@
+KW AES-128 wrap  - Decrypt empty buffer
+depends_on:MBEDTLS_AES_C:MBEDTLS_NIST_KW_C
+dec_empty_buf:MBEDTLS_CIPHER_AES_128_KW:MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE:MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE
+
+KWP AES-128 wrap  - Decrypt empty buffer
+depends_on:MBEDTLS_AES_C:MBEDTLS_NIST_KW_C
+dec_empty_buf:MBEDTLS_CIPHER_AES_128_KWP:MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE:MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE
+
 KW AES-128 wrap rfc 3394
 depends_on:MBEDTLS_AES_C:MBEDTLS_NIST_KW_C
 auth_crypt_tv:MBEDTLS_CIPHER_AES_128_KW:"000102030405060708090A0B0C0D0E0F":"":"":"1FA68B0A8112B447AEF34BD8FB5A7B829D3E862371D2CFE5":"":"":"00112233445566778899AABBCCDDEEFF":0
@@ -268,4 +276,3 @@ auth_crypt_tv:MBEDTLS_CIPHER_AES_192_KWP:"21fb6600c1d34a74adee67612672593a86cf23
 KWP AES-256 wrap CAVS 17.4 FAIL COUNT 4 CLEN 32
 depends_on:MBEDTLS_AES_C:MBEDTLS_NIST_KW_C
 auth_crypt_tv:MBEDTLS_CIPHER_AES_256_KWP:"c32cb3e1e41a4b9f4de79989957866f5dd48dba38c22a6ebb80e14c84bdd9534":"":"":"c29b05c2619a58ecc1d239e7a34273cd":"":"FAIL":"":0
-