From b25719b0317f3cc1845c476424d3609b7e29aed8 Mon Sep 17 00:00:00 2001
From: Jack Lloyd <jack.lloyd@fortanix.com>
Date: Thu, 7 Mar 2019 16:59:14 -0500
Subject: [PATCH] Fix errors in AEAD test function

It was failing to set the key in the ENCRYPT direction before encrypting.
This just happened to work for GCM and CCM.

After re-encrypting, compare the length to the expected ciphertext
length not the plaintext length. Again this just happens to work for
GCM and CCM since they do not perform any kind of padding.
---
 ChangeLog                               | 3 +++
 tests/suites/test_suite_cipher.function | 7 +++++--
 2 files changed, 8 insertions(+), 2 deletions(-)

diff --git a/ChangeLog b/ChangeLog
index 66ecf9783..80a5b8083 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -47,6 +47,9 @@ Bugfix
    * Fix private key DER output in the key_app_writer example. File contents
      were shifted by one byte, creating an invalid ASN.1 tag. Fixed by
      Christian Walther in #2239.
+   * Fix bugs in the AEAD test suite which would be exposed by ciphers which
+     either used both encrypt and decrypt key schedules, or which perform padding.
+     GCM and CCM were not affected. Fixed by Jack Lloyd.
 
 Changes
    * Include configuration file in all header files that use configuration,
diff --git a/tests/suites/test_suite_cipher.function b/tests/suites/test_suite_cipher.function
index 773c792ca..54fe1a339 100644
--- a/tests/suites/test_suite_cipher.function
+++ b/tests/suites/test_suite_cipher.function
@@ -976,6 +976,9 @@ void auth_crypt_tv( int cipher_id, data_t * key, data_t * iv,
     TEST_ASSERT( memcmp( output, clear->x, clear->len ) == 0 );
 
     /* then encrypt the clear->x and make sure we get the same ciphertext and tag->x */
+    TEST_ASSERT( 0 == mbedtls_cipher_setkey( &ctx, key->x, 8 * key->len,
+                                             MBEDTLS_ENCRYPT ) );
+
     memset( output, 0xFF, sizeof( output ) );
     outlen = 0;
 
@@ -984,8 +987,8 @@ void auth_crypt_tv( int cipher_id, data_t * key, data_t * iv,
                                my_tag, tag->len );
     TEST_ASSERT( ret == 0 );
 
-    TEST_ASSERT( outlen == clear->len );
-    TEST_ASSERT( memcmp( output, cipher->x, clear->len ) == 0 );
+    TEST_ASSERT( outlen == cipher->len );
+    TEST_ASSERT( memcmp( output, cipher->x, cipher->len ) == 0 );
     TEST_ASSERT( memcmp( my_tag, tag->x, tag->len ) == 0 );
 
     /* make sure we didn't overwrite */