Skip to content

API tests: more cipher tests #10226

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
dgarske merged 1 commit into from
Apr 15, 2026
Merged

API tests: more cipher tests #10226

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2,639 changes: 2,467 additions & 172 deletions tests/api/test_aes.c
View file
Open in desktop

Large diffs are not rendered by default.

70 changes: 59 additions & 11 deletions tests/api/test_aes.h
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -29,21 +29,45 @@ int test_wc_AesSetIV(void);
int test_wc_AesEncryptDecryptDirect(void);
int test_wc_AesEcbEncryptDecrypt(void);
int test_wc_AesCbcEncryptDecrypt(void);
int test_wc_AesCbcEncryptDecrypt_UnalignedBuffers(void);
int test_wc_AesCbc_CrossCipher(void);
int test_wc_AesCfbEncryptDecrypt(void);
int test_wc_AesCfb_CrossCipher(void);
int test_wc_AesOfbEncryptDecrypt(void);
int test_wc_AesOfb_CrossCipher(void);
int test_wc_AesCtsEncryptDecrypt(void);
int test_wc_AesCtsEncryptDecrypt_InPlace(void);
int test_wc_AesCtsEncryptDecrypt_UnalignedBuffers(void);
int test_wc_AesCtrSetKey(void);
int test_wc_AesCtrEncryptDecrypt(void);
int test_wc_AesCtrEncryptDecrypt_UnalignedBuffers(void);
int test_wc_AesCtr_CrossCipher(void);
int test_wc_AesCtrCounterOverflow(void);
int test_wc_AesGcmSetKey(void);
int test_wc_AesGcmEncryptDecrypt_Sizes(void);
int test_wc_AesGcmEncryptDecrypt(void);
int test_wc_AesGcmEncryptDecrypt_InPlace(void);
int test_wc_AesGcmEncryptDecrypt_UnalignedBuffers(void);
int test_wc_AesGcm_CrossCipher(void);
int test_wc_AesGcmMixedEncDecLongIV(void);
int test_wc_AesGcmNonStdNonce(void);
int test_wc_AesGcmStream(void);
int test_wc_AesGcmStream_MidStreamState(void);
int test_wc_AesGcmStream_ReinitAfterFinal(void);
int test_wc_AesCcmSetKey(void);
int test_wc_AesCcmEncryptDecrypt(void);
int test_wc_AesCcmEncryptDecrypt_InPlace(void);
int test_wc_AesCcmEncryptDecrypt_UnalignedBuffers(void);
int test_wc_AesCcmAeadEdgeCases(void);
int test_wc_AesXtsSetKey(void);
int test_wc_AesXtsEncryptDecrypt_Sizes(void);
int test_wc_AesXtsEncryptDecrypt(void);
int test_wc_AesXtsEncryptDecrypt_InPlace(void);
int test_wc_AesXtsEncryptDecrypt_UnalignedBuffers(void);
int test_wc_AesXtsEncryptDecryptSector(void);
int test_wc_AesXtsStream(void);
int test_wc_AesXtsStream_MidStreamState(void);
int test_wc_AesXtsStream_ReinitAfterFinal(void);
#if defined(WOLFSSL_AES_EAX) && defined(WOLFSSL_AES_256) && \
(!defined(HAVE_FIPS) || FIPS_VERSION_GE(5, 3)) && !defined(HAVE_SELFTEST)
int test_wc_AesEaxVectors(void);
Expand Down Expand Up @@ -83,22 +107,46 @@ int test_wc_CryptoCb_AesGcm_EncryptDecrypt(void);
TEST_DECL_GROUP("aes", test_wc_AesSetIV), \
TEST_DECL_GROUP("aes", test_wc_AesEncryptDecryptDirect), \
TEST_DECL_GROUP("aes", test_wc_AesEcbEncryptDecrypt), \
TEST_DECL_GROUP("aes", test_wc_AesCbcEncryptDecrypt), \
TEST_DECL_GROUP("aes", test_wc_AesCfbEncryptDecrypt), \
TEST_DECL_GROUP("aes", test_wc_AesCbcEncryptDecrypt), \
TEST_DECL_GROUP("aes", test_wc_AesCbcEncryptDecrypt_UnalignedBuffers), \
TEST_DECL_GROUP("aes", test_wc_AesCbc_CrossCipher), \
TEST_DECL_GROUP("aes", test_wc_AesCfbEncryptDecrypt), \
TEST_DECL_GROUP("aes", test_wc_AesCfb_CrossCipher), \
TEST_DECL_GROUP("aes", test_wc_AesOfbEncryptDecrypt), \
TEST_DECL_GROUP("aes", test_wc_AesCtsEncryptDecrypt), \
TEST_DECL_GROUP("aes", test_wc_AesCtrSetKey), \
TEST_DECL_GROUP("aes", test_wc_AesCtrEncryptDecrypt), \
TEST_DECL_GROUP("aes", test_wc_AesOfb_CrossCipher), \
TEST_DECL_GROUP("aes", test_wc_AesCtsEncryptDecrypt), \
TEST_DECL_GROUP("aes", test_wc_AesCtsEncryptDecrypt_InPlace), \
TEST_DECL_GROUP("aes", test_wc_AesCtsEncryptDecrypt_UnalignedBuffers), \
TEST_DECL_GROUP("aes", test_wc_AesCtrSetKey), \
TEST_DECL_GROUP("aes", test_wc_AesCtrEncryptDecrypt), \
TEST_DECL_GROUP("aes", test_wc_AesCtrEncryptDecrypt_UnalignedBuffers), \
TEST_DECL_GROUP("aes", test_wc_AesCtr_CrossCipher), \
TEST_DECL_GROUP("aes", test_wc_AesCtrCounterOverflow), \
TEST_DECL_GROUP("aes", test_wc_AesGcmSetKey), \
TEST_DECL_GROUP("aes", test_wc_AesGcmEncryptDecrypt_Sizes), \
TEST_DECL_GROUP("aes", test_wc_AesGcmEncryptDecrypt), \
TEST_DECL_GROUP("aes", test_wc_AesGcmMixedEncDecLongIV), \
TEST_DECL_GROUP("aes", test_wc_AesGcmEncryptDecrypt), \
TEST_DECL_GROUP("aes", test_wc_AesGcmEncryptDecrypt_InPlace), \
TEST_DECL_GROUP("aes", test_wc_AesGcmEncryptDecrypt_UnalignedBuffers), \
TEST_DECL_GROUP("aes", test_wc_AesGcm_CrossCipher), \
TEST_DECL_GROUP("aes", test_wc_AesGcmMixedEncDecLongIV), \
TEST_DECL_GROUP("aes", test_wc_AesGcmNonStdNonce), \
TEST_DECL_GROUP("aes", test_wc_AesGcmStream), \
TEST_DECL_GROUP("aes", test_wc_AesGcmStream_MidStreamState), \
TEST_DECL_GROUP("aes", test_wc_AesGcmStream_ReinitAfterFinal), \
TEST_DECL_GROUP("aes", test_wc_AesCcmSetKey), \
TEST_DECL_GROUP("aes", test_wc_AesCcmEncryptDecrypt), \
TEST_DECL_GROUP("aes", test_wc_AesXtsSetKey), \
TEST_DECL_GROUP("aes", test_wc_AesXtsEncryptDecrypt_Sizes), \
TEST_DECL_GROUP("aes", test_wc_AesXtsEncryptDecrypt), \
TEST_DECL_GROUP("aes", test_wc_AesCcmEncryptDecrypt), \
TEST_DECL_GROUP("aes", test_wc_AesCcmEncryptDecrypt_InPlace), \
TEST_DECL_GROUP("aes", test_wc_AesCcmEncryptDecrypt_UnalignedBuffers), \
TEST_DECL_GROUP("aes", test_wc_AesCcmAeadEdgeCases), \
TEST_DECL_GROUP("aes", test_wc_AesXtsSetKey), \
TEST_DECL_GROUP("aes", test_wc_AesXtsEncryptDecrypt_Sizes), \
TEST_DECL_GROUP("aes", test_wc_AesXtsEncryptDecrypt), \
TEST_DECL_GROUP("aes", test_wc_AesXtsEncryptDecrypt_InPlace), \
TEST_DECL_GROUP("aes", test_wc_AesXtsEncryptDecrypt_UnalignedBuffers), \
TEST_DECL_GROUP("aes", test_wc_AesXtsEncryptDecryptSector), \
TEST_DECL_GROUP("aes", test_wc_AesXtsStream), \
TEST_DECL_GROUP("aes", test_wc_AesXtsStream_MidStreamState), \
TEST_DECL_GROUP("aes", test_wc_AesXtsStream_ReinitAfterFinal), \
TEST_DECL_GROUP("aes", test_wc_AesCbc_MonteCarlo), \
TEST_DECL_GROUP("aes", test_wc_AesCtr_MonteCarlo), \
TEST_DECL_GROUP("aes", test_wc_AesGcm_MonteCarlo), \
Expand Down
160 changes: 160 additions & 0 deletions tests/api/test_ascon.c
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -184,3 +184,163 @@ int test_ascon_aead128(void)
#endif
return EXPECT_RESULT();
}

/*
* Ascon-AEAD128 AEAD edge cases:
* - invalid auth tag rejection (DecryptFinal with wrong tag -> ASCON_AUTH_E)
* - empty plaintext with empty AAD (KAT[0])
* - empty plaintext with non-empty AAD (KAT[1])
*
* KAT vectors are from the Ascon reference implementation:
* https://github.com/ascon/ascon-c
*/
int test_ascon_aead128_edge_cases(void)
{
EXPECT_DECLS;
#ifdef HAVE_ASCON
/* Shared key and nonce for all sub-tests (same as KAT[0..N]) */
static const byte key[ASCON_AEAD128_KEY_SZ] = {
0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F
};
static const byte nonce[ASCON_AEAD128_NONCE_SZ] = {
0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F
};
/* KAT[0]: PT="", AD="" -> CT = tag only */
static const byte expTag0[ASCON_AEAD128_TAG_SZ] = {
0x44, 0x27, 0xD6, 0x4B, 0x8E, 0x1E, 0x14, 0x51,
0xFC, 0x44, 0x59, 0x60, 0xF0, 0x83, 0x9B, 0xB0
};
/* KAT[1]: PT="", AD="00" -> CT = tag only */
static const byte ad1[1] = { 0x00 };
static const byte expTag1[ASCON_AEAD128_TAG_SZ] = {
0x10, 0x3A, 0xB7, 0x9D, 0x91, 0x3A, 0x03, 0x21,
0x28, 0x77, 0x15, 0xA9, 0x79, 0xBB, 0x85, 0x85
};
wc_AsconAEAD128* asconAEAD = NULL;
byte tagBuf[ASCON_AEAD128_TAG_SZ];
byte badTag[ASCON_AEAD128_TAG_SZ];
byte dummy[1]; /* non-NULL placeholder for 0-length pt/ct args */

ExpectNotNull(asconAEAD = wc_AsconAEAD128_New());

/* ------------------------------------------------------------------ */
/* 1. Empty plaintext + empty AAD (KAT[0]) */
/* ------------------------------------------------------------------ */

/* Encrypt and verify tag against KAT */
ExpectIntEQ(wc_AsconAEAD128_Init(asconAEAD), 0);
ExpectIntEQ(wc_AsconAEAD128_SetKey(asconAEAD, key), 0);
ExpectIntEQ(wc_AsconAEAD128_SetNonce(asconAEAD, nonce), 0);
ExpectIntEQ(wc_AsconAEAD128_SetAD(asconAEAD, dummy, 0), 0);
ExpectIntEQ(wc_AsconAEAD128_EncryptUpdate(asconAEAD, dummy, dummy, 0), 0);
XMEMSET(tagBuf, 0, sizeof(tagBuf));
ExpectIntEQ(wc_AsconAEAD128_EncryptFinal(asconAEAD, tagBuf), 0);
ExpectBufEQ(tagBuf, expTag0, ASCON_AEAD128_TAG_SZ);
wc_AsconAEAD128_Clear(asconAEAD);

/* Decrypt with correct tag -> success */
ExpectIntEQ(wc_AsconAEAD128_Init(asconAEAD), 0);
ExpectIntEQ(wc_AsconAEAD128_SetKey(asconAEAD, key), 0);
ExpectIntEQ(wc_AsconAEAD128_SetNonce(asconAEAD, nonce), 0);
ExpectIntEQ(wc_AsconAEAD128_SetAD(asconAEAD, dummy, 0), 0);
ExpectIntEQ(wc_AsconAEAD128_DecryptUpdate(asconAEAD, dummy, dummy, 0), 0);
ExpectIntEQ(wc_AsconAEAD128_DecryptFinal(asconAEAD, expTag0), 0);
wc_AsconAEAD128_Clear(asconAEAD);

/* Decrypt with wrong tag -> ASCON_AUTH_E */
XMEMCPY(badTag, expTag0, ASCON_AEAD128_TAG_SZ);
badTag[0] ^= 0xff;
ExpectIntEQ(wc_AsconAEAD128_Init(asconAEAD), 0);
ExpectIntEQ(wc_AsconAEAD128_SetKey(asconAEAD, key), 0);
ExpectIntEQ(wc_AsconAEAD128_SetNonce(asconAEAD, nonce), 0);
ExpectIntEQ(wc_AsconAEAD128_SetAD(asconAEAD, dummy, 0), 0);
ExpectIntEQ(wc_AsconAEAD128_DecryptUpdate(asconAEAD, dummy, dummy, 0), 0);
ExpectIntEQ(wc_AsconAEAD128_DecryptFinal(asconAEAD, badTag),
WC_NO_ERR_TRACE(ASCON_AUTH_E));
wc_AsconAEAD128_Clear(asconAEAD);

/* ------------------------------------------------------------------ */
/* 2. Empty plaintext + non-empty AAD (KAT[1], AD = {0x00}) */
/* ------------------------------------------------------------------ */

/* Encrypt and verify tag against KAT */
ExpectIntEQ(wc_AsconAEAD128_Init(asconAEAD), 0);
ExpectIntEQ(wc_AsconAEAD128_SetKey(asconAEAD, key), 0);
ExpectIntEQ(wc_AsconAEAD128_SetNonce(asconAEAD, nonce), 0);
ExpectIntEQ(wc_AsconAEAD128_SetAD(asconAEAD, ad1, sizeof(ad1)), 0);
ExpectIntEQ(wc_AsconAEAD128_EncryptUpdate(asconAEAD, dummy, dummy, 0), 0);
XMEMSET(tagBuf, 0, sizeof(tagBuf));
ExpectIntEQ(wc_AsconAEAD128_EncryptFinal(asconAEAD, tagBuf), 0);
ExpectBufEQ(tagBuf, expTag1, ASCON_AEAD128_TAG_SZ);
wc_AsconAEAD128_Clear(asconAEAD);

/* Decrypt with correct tag -> success */
ExpectIntEQ(wc_AsconAEAD128_Init(asconAEAD), 0);
ExpectIntEQ(wc_AsconAEAD128_SetKey(asconAEAD, key), 0);
ExpectIntEQ(wc_AsconAEAD128_SetNonce(asconAEAD, nonce), 0);
ExpectIntEQ(wc_AsconAEAD128_SetAD(asconAEAD, ad1, sizeof(ad1)), 0);
ExpectIntEQ(wc_AsconAEAD128_DecryptUpdate(asconAEAD, dummy, dummy, 0), 0);
ExpectIntEQ(wc_AsconAEAD128_DecryptFinal(asconAEAD, expTag1), 0);
wc_AsconAEAD128_Clear(asconAEAD);

/* Decrypt with wrong tag -> ASCON_AUTH_E */
XMEMCPY(badTag, expTag1, ASCON_AEAD128_TAG_SZ);
badTag[0] ^= 0xff;
ExpectIntEQ(wc_AsconAEAD128_Init(asconAEAD), 0);
ExpectIntEQ(wc_AsconAEAD128_SetKey(asconAEAD, key), 0);
ExpectIntEQ(wc_AsconAEAD128_SetNonce(asconAEAD, nonce), 0);
ExpectIntEQ(wc_AsconAEAD128_SetAD(asconAEAD, ad1, sizeof(ad1)), 0);
ExpectIntEQ(wc_AsconAEAD128_DecryptUpdate(asconAEAD, dummy, dummy, 0), 0);
ExpectIntEQ(wc_AsconAEAD128_DecryptFinal(asconAEAD, badTag),
WC_NO_ERR_TRACE(ASCON_AUTH_E));
wc_AsconAEAD128_Clear(asconAEAD);

/* ------------------------------------------------------------------ */
/* 3. Non-empty plaintext: invalid tag rejection */
/* ------------------------------------------------------------------ */
{
static const byte pt[] = { 0x00 };
byte ct[sizeof(pt)];
byte encTag[ASCON_AEAD128_TAG_SZ];

/* Encrypt one byte */
XMEMSET(ct, 0, sizeof(ct));
XMEMSET(encTag, 0, sizeof(encTag));
ExpectIntEQ(wc_AsconAEAD128_Init(asconAEAD), 0);
ExpectIntEQ(wc_AsconAEAD128_SetKey(asconAEAD, key), 0);
ExpectIntEQ(wc_AsconAEAD128_SetNonce(asconAEAD, nonce), 0);
ExpectIntEQ(wc_AsconAEAD128_SetAD(asconAEAD, dummy, 0), 0);
ExpectIntEQ(wc_AsconAEAD128_EncryptUpdate(asconAEAD, ct, pt,
sizeof(pt)), 0);
ExpectIntEQ(wc_AsconAEAD128_EncryptFinal(asconAEAD, encTag), 0);
wc_AsconAEAD128_Clear(asconAEAD);

/* Decrypt with correct tag -> success */
ExpectIntEQ(wc_AsconAEAD128_Init(asconAEAD), 0);
ExpectIntEQ(wc_AsconAEAD128_SetKey(asconAEAD, key), 0);
ExpectIntEQ(wc_AsconAEAD128_SetNonce(asconAEAD, nonce), 0);
ExpectIntEQ(wc_AsconAEAD128_SetAD(asconAEAD, dummy, 0), 0);
ExpectIntEQ(wc_AsconAEAD128_DecryptUpdate(asconAEAD, dummy, ct,
sizeof(ct)), 0);
ExpectIntEQ(wc_AsconAEAD128_DecryptFinal(asconAEAD, encTag), 0);
wc_AsconAEAD128_Clear(asconAEAD);

/* Decrypt with tampered tag -> ASCON_AUTH_E */
encTag[ASCON_AEAD128_TAG_SZ - 1] ^= 0xff;
ExpectIntEQ(wc_AsconAEAD128_Init(asconAEAD), 0);
ExpectIntEQ(wc_AsconAEAD128_SetKey(asconAEAD, key), 0);
ExpectIntEQ(wc_AsconAEAD128_SetNonce(asconAEAD, nonce), 0);
ExpectIntEQ(wc_AsconAEAD128_SetAD(asconAEAD, dummy, 0), 0);
ExpectIntEQ(wc_AsconAEAD128_DecryptUpdate(asconAEAD, dummy, ct,
sizeof(ct)), 0);
ExpectIntEQ(wc_AsconAEAD128_DecryptFinal(asconAEAD, encTag),
WC_NO_ERR_TRACE(ASCON_AUTH_E));
wc_AsconAEAD128_Clear(asconAEAD);
}

wc_AsconAEAD128_Free(asconAEAD);
#endif /* HAVE_ASCON */
return EXPECT_RESULT();
} /* END test_ascon_aead128_edge_cases */
8 changes: 5 additions & 3 deletions tests/api/test_ascon.h
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -26,9 +26,11 @@

int test_ascon_hash256(void);
int test_ascon_aead128(void);
int test_ascon_aead128_edge_cases(void);

#define TEST_ASCON_DECLS \
TEST_DECL_GROUP("ascon", test_ascon_hash256), \
TEST_DECL_GROUP("ascon", test_ascon_aead128)
#define TEST_ASCON_DECLS \
TEST_DECL_GROUP("ascon", test_ascon_hash256), \
TEST_DECL_GROUP("ascon", test_ascon_aead128), \
TEST_DECL_GROUP("ascon", test_ascon_aead128_edge_cases)

#endif /* TESTS_API_TEST_ASCON_H */
Loading
Loading