bt-67xx_universal_hw/thirdparty/mbedTLS/tests/suites/test_suite_cipher.function

/* BEGIN_HEADER */
#include "mbedtls/cipher.h"

#if defined(MBEDTLS_GCM_C)
#include "mbedtls/gcm.h"
#endif
/* END_HEADER */

/* BEGIN_DEPENDENCIES
 * depends_on:MBEDTLS_CIPHER_C
 * END_DEPENDENCIES
 */

/* BEGIN_CASE */
void mbedtls_cipher_list( )
{
    const int *cipher_type;

    for( cipher_type = mbedtls_cipher_list(); *cipher_type != 0; cipher_type++ )
        TEST_ASSERT( mbedtls_cipher_info_from_type( *cipher_type ) != NULL );
}
/* END_CASE */

/* BEGIN_CASE */
void cipher_null_args( )
{
    mbedtls_cipher_context_t ctx;
    const mbedtls_cipher_info_t *info = mbedtls_cipher_info_from_type( *( mbedtls_cipher_list() ) );
    unsigned char buf[1] = { 0 };
    size_t olen;

    mbedtls_cipher_init( &ctx );

    TEST_ASSERT( mbedtls_cipher_get_block_size( NULL ) == 0 );
    TEST_ASSERT( mbedtls_cipher_get_block_size( &ctx ) == 0 );

    TEST_ASSERT( mbedtls_cipher_get_cipher_mode( NULL ) == MBEDTLS_MODE_NONE );
    TEST_ASSERT( mbedtls_cipher_get_cipher_mode( &ctx ) == MBEDTLS_MODE_NONE );

    TEST_ASSERT( mbedtls_cipher_get_iv_size( NULL ) == 0 );
    TEST_ASSERT( mbedtls_cipher_get_iv_size( &ctx ) == 0 );

    TEST_ASSERT( mbedtls_cipher_info_from_string( NULL ) == NULL );

    TEST_ASSERT( mbedtls_cipher_setup( &ctx, NULL )
                 == MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
    TEST_ASSERT( mbedtls_cipher_setup( NULL, info )
                 == MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );

    TEST_ASSERT( mbedtls_cipher_setkey( NULL, buf, 0, MBEDTLS_ENCRYPT )
                 == MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
    TEST_ASSERT( mbedtls_cipher_setkey( &ctx, buf, 0, MBEDTLS_ENCRYPT )
                 == MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );

    TEST_ASSERT( mbedtls_cipher_set_iv( NULL, buf, 0 )
                 == MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
    TEST_ASSERT( mbedtls_cipher_set_iv( &ctx, buf, 0 )
                 == MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );

    TEST_ASSERT( mbedtls_cipher_reset( NULL ) == MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
    TEST_ASSERT( mbedtls_cipher_reset( &ctx ) == MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );

#if defined(MBEDTLS_GCM_C)
    TEST_ASSERT( mbedtls_cipher_update_ad( NULL, buf, 0 )
                 == MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
    TEST_ASSERT( mbedtls_cipher_update_ad( &ctx, buf, 0 )
                 == MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
#endif

    TEST_ASSERT( mbedtls_cipher_update( NULL, buf, 0, buf, &olen )
                 == MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
    TEST_ASSERT( mbedtls_cipher_update( &ctx, buf, 0, buf, &olen )
                 == MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );

    TEST_ASSERT( mbedtls_cipher_finish( NULL, buf, &olen )
                 == MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
    TEST_ASSERT( mbedtls_cipher_finish( &ctx, buf, &olen )
                 == MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );

#if defined(MBEDTLS_GCM_C)
    TEST_ASSERT( mbedtls_cipher_write_tag( NULL, buf, olen )
                 == MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
    TEST_ASSERT( mbedtls_cipher_write_tag( &ctx, buf, olen )
                 == MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );

    TEST_ASSERT( mbedtls_cipher_check_tag( NULL, buf, olen )
                 == MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
    TEST_ASSERT( mbedtls_cipher_check_tag( &ctx, buf, olen )
                 == MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
#endif
}
/* END_CASE */

/* BEGIN_CASE depends_on:MBEDTLS_AES_C */
void cipher_special_behaviours( )
{
    const mbedtls_cipher_info_t *cipher_info;
    mbedtls_cipher_context_t ctx;
    unsigned char input[32];
    unsigned char output[32];
    unsigned char iv[32];
    size_t olen = 0;

    mbedtls_cipher_init( &ctx );
    memset( input, 0, sizeof( input ) );
    memset( output, 0, sizeof( output ) );
    memset( iv, 0, sizeof( iv ) );

    /* Check and get info structures */
    cipher_info = mbedtls_cipher_info_from_type( MBEDTLS_CIPHER_AES_128_ECB );
    TEST_ASSERT( NULL != cipher_info );

    TEST_ASSERT( 0 == mbedtls_cipher_setup( &ctx, cipher_info ) );

    /* IV too big */
    TEST_ASSERT( mbedtls_cipher_set_iv( &ctx, iv, MBEDTLS_MAX_IV_LENGTH + 1 )
                 == MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE );

    /* IV too small */
    TEST_ASSERT( mbedtls_cipher_set_iv( &ctx, iv, 0 )
                 == MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );

    /* Update ECB with partial block */
    TEST_ASSERT( mbedtls_cipher_update( &ctx, input, 1, output, &olen )
                 == MBEDTLS_ERR_CIPHER_FULL_BLOCK_EXPECTED );

exit:
    mbedtls_cipher_free( &ctx );
}
/* END_CASE */

/* BEGIN_CASE */
void enc_dec_buf( int cipher_id, char *cipher_string, int key_len,
                  int length_val, int pad_mode )
{
    size_t length = length_val, outlen, total_len, i, block_size;
    unsigned char key[32];
    unsigned char iv[16];
    unsigned char ad[13];
    unsigned char tag[16];
    unsigned char inbuf[64];
    unsigned char encbuf[64];
    unsigned char decbuf[64];

    const mbedtls_cipher_info_t *cipher_info;
    mbedtls_cipher_context_t ctx_dec;
    mbedtls_cipher_context_t ctx_enc;

    /*
     * Prepare contexts
     */
    mbedtls_cipher_init( &ctx_dec );
    mbedtls_cipher_init( &ctx_enc );

    memset( key, 0x2a, sizeof( key ) );

    /* Check and get info structures */
    cipher_info = mbedtls_cipher_info_from_type( cipher_id );
    TEST_ASSERT( NULL != cipher_info );
    TEST_ASSERT( mbedtls_cipher_info_from_string( cipher_string ) == cipher_info );

    /* Initialise enc and dec contexts */
    TEST_ASSERT( 0 == mbedtls_cipher_setup( &ctx_dec, cipher_info ) );
    TEST_ASSERT( 0 == mbedtls_cipher_setup( &ctx_enc, cipher_info ) );

    TEST_ASSERT( 0 == mbedtls_cipher_setkey( &ctx_dec, key, key_len, MBEDTLS_DECRYPT ) );
    TEST_ASSERT( 0 == mbedtls_cipher_setkey( &ctx_enc, key, key_len, MBEDTLS_ENCRYPT ) );

#if defined(MBEDTLS_CIPHER_MODE_WITH_PADDING)
    if( -1 != pad_mode )
    {
        TEST_ASSERT( 0 == mbedtls_cipher_set_padding_mode( &ctx_dec, pad_mode ) );
        TEST_ASSERT( 0 == mbedtls_cipher_set_padding_mode( &ctx_enc, pad_mode ) );
    }
#else
    (void) pad_mode;
#endif /* MBEDTLS_CIPHER_MODE_WITH_PADDING */

    /*
     * Do a few encode/decode cycles
     */
    for( i = 0; i < 3; i++ )
    {
    memset( iv , 0x00 + i, sizeof( iv ) );
    memset( ad, 0x10 + i, sizeof( ad ) );
    memset( inbuf, 0x20 + i, sizeof( inbuf ) );

    memset( encbuf, 0, sizeof( encbuf ) );
    memset( decbuf, 0, sizeof( decbuf ) );
    memset( tag, 0, sizeof( tag ) );

    TEST_ASSERT( 0 == mbedtls_cipher_set_iv( &ctx_dec, iv, sizeof( iv ) ) );
    TEST_ASSERT( 0 == mbedtls_cipher_set_iv( &ctx_enc, iv, sizeof( iv ) ) );

    TEST_ASSERT( 0 == mbedtls_cipher_reset( &ctx_dec ) );
    TEST_ASSERT( 0 == mbedtls_cipher_reset( &ctx_enc ) );

#if defined(MBEDTLS_GCM_C)
    TEST_ASSERT( 0 == mbedtls_cipher_update_ad( &ctx_dec, ad, sizeof( ad ) - i ) );
    TEST_ASSERT( 0 == mbedtls_cipher_update_ad( &ctx_enc, ad, sizeof( ad ) - i ) );
#endif

    block_size = mbedtls_cipher_get_block_size( &ctx_enc );
    TEST_ASSERT( block_size != 0 );

    /* encode length number of bytes from inbuf */
    TEST_ASSERT( 0 == mbedtls_cipher_update( &ctx_enc, inbuf, length, encbuf, &outlen ) );
    total_len = outlen;

    TEST_ASSERT( total_len == length ||
                 ( total_len % block_size == 0 &&
                   total_len < length &&
                   total_len + block_size > length ) );

    TEST_ASSERT( 0 == mbedtls_cipher_finish( &ctx_enc, encbuf + outlen, &outlen ) );
    total_len += outlen;

#if defined(MBEDTLS_GCM_C)
    TEST_ASSERT( 0 == mbedtls_cipher_write_tag( &ctx_enc, tag, sizeof( tag ) ) );
#endif

    TEST_ASSERT( total_len == length ||
                 ( total_len % block_size == 0 &&
                   total_len > length &&
                   total_len <= length + block_size ) );

    /* decode the previously encoded string */
    TEST_ASSERT( 0 == mbedtls_cipher_update( &ctx_dec, encbuf, total_len, decbuf, &outlen ) );
    total_len = outlen;

    TEST_ASSERT( total_len == length ||
                 ( total_len % block_size == 0 &&
                   total_len < length &&
                   total_len + block_size >= length ) );

    TEST_ASSERT( 0 == mbedtls_cipher_finish( &ctx_dec, decbuf + outlen, &outlen ) );
    total_len += outlen;

#if defined(MBEDTLS_GCM_C)
    TEST_ASSERT( 0 == mbedtls_cipher_check_tag( &ctx_dec, tag, sizeof( tag ) ) );
#endif

    /* check result */
    TEST_ASSERT( total_len == length );
    TEST_ASSERT( 0 == memcmp(inbuf, decbuf, length) );
    }

    /*
     * Done
     */
exit:
    mbedtls_cipher_free( &ctx_dec );
    mbedtls_cipher_free( &ctx_enc );
}
/* END_CASE */

/* BEGIN_CASE */
void enc_fail( int cipher_id, int pad_mode, int key_len,
               int length_val, int ret )
{
    size_t length = length_val;
    unsigned char key[32];
    unsigned char iv[16];

    const mbedtls_cipher_info_t *cipher_info;
    mbedtls_cipher_context_t ctx;

    unsigned char inbuf[64];
    unsigned char encbuf[64];

    size_t outlen = 0;

    memset( key, 0, 32 );
    memset( iv , 0, 16 );

    mbedtls_cipher_init( &ctx );

    memset( inbuf, 5, 64 );
    memset( encbuf, 0, 64 );

    /* Check and get info structures */
    cipher_info = mbedtls_cipher_info_from_type( cipher_id );
    TEST_ASSERT( NULL != cipher_info );

    /* Initialise context */
    TEST_ASSERT( 0 == mbedtls_cipher_setup( &ctx, cipher_info ) );
    TEST_ASSERT( 0 == mbedtls_cipher_setkey( &ctx, key, key_len, MBEDTLS_ENCRYPT ) );
#if defined(MBEDTLS_CIPHER_MODE_WITH_PADDING)
    TEST_ASSERT( 0 == mbedtls_cipher_set_padding_mode( &ctx, pad_mode ) );
#else
    (void) pad_mode;
#endif /* MBEDTLS_CIPHER_MODE_WITH_PADDING */
    TEST_ASSERT( 0 == mbedtls_cipher_set_iv( &ctx, iv, 16 ) );
    TEST_ASSERT( 0 == mbedtls_cipher_reset( &ctx ) );
#if defined(MBEDTLS_GCM_C)
    TEST_ASSERT( 0 == mbedtls_cipher_update_ad( &ctx, NULL, 0 ) );
#endif

    /* encode length number of bytes from inbuf */
    TEST_ASSERT( 0 == mbedtls_cipher_update( &ctx, inbuf, length, encbuf, &outlen ) );
    TEST_ASSERT( ret == mbedtls_cipher_finish( &ctx, encbuf + outlen, &outlen ) );

    /* done */
exit:
    mbedtls_cipher_free( &ctx );
}
/* END_CASE */

/* BEGIN_CASE */
void dec_empty_buf()
{
    unsigned char key[32];
    unsigned char iv[16];

    mbedtls_cipher_context_t ctx_dec;
    const mbedtls_cipher_info_t *cipher_info;

    unsigned char encbuf[64];
    unsigned char decbuf[64];

    size_t outlen = 0;

    memset( key, 0, 32 );
    memset( iv , 0, 16 );

    mbedtls_cipher_init( &ctx_dec );

    memset( encbuf, 0, 64 );
    memset( decbuf, 0, 64 );

    /* Initialise context */
    cipher_info = mbedtls_cipher_info_from_type( MBEDTLS_CIPHER_AES_128_CBC );
    TEST_ASSERT( NULL != cipher_info);

    TEST_ASSERT( 0 == mbedtls_cipher_setup( &ctx_dec, cipher_info ) );

    TEST_ASSERT( 0 == mbedtls_cipher_setkey( &ctx_dec, key, 128, MBEDTLS_DECRYPT ) );

    TEST_ASSERT( 0 == mbedtls_cipher_set_iv( &ctx_dec, iv, 16 ) );

    TEST_ASSERT( 0 == mbedtls_cipher_reset( &ctx_dec ) );

#if defined(MBEDTLS_GCM_C)
    TEST_ASSERT( 0 == mbedtls_cipher_update_ad( &ctx_dec, NULL, 0 ) );
#endif

    /* decode 0-byte string */
    TEST_ASSERT( 0 == mbedtls_cipher_update( &ctx_dec, encbuf, 0, decbuf, &outlen ) );
    TEST_ASSERT( 0 == outlen );
    TEST_ASSERT( MBEDTLS_ERR_CIPHER_FULL_BLOCK_EXPECTED == mbedtls_cipher_finish(
                 &ctx_dec, decbuf + outlen, &outlen ) );
    TEST_ASSERT( 0 == outlen );

exit:
    mbedtls_cipher_free( &ctx_dec );
}
/* END_CASE */

/* BEGIN_CASE */
void enc_dec_buf_multipart( int cipher_id, int key_len, int first_length_val,
                            int second_length_val )
{
    size_t first_length = first_length_val;
    size_t second_length = second_length_val;
    size_t length = first_length + second_length;
    size_t block_size;
    unsigned char key[32];
    unsigned char iv[16];

    mbedtls_cipher_context_t ctx_dec;
    mbedtls_cipher_context_t ctx_enc;
    const mbedtls_cipher_info_t *cipher_info;

    unsigned char inbuf[64];
    unsigned char encbuf[64];
    unsigned char decbuf[64];

    size_t outlen = 0;
    size_t totaloutlen = 0;

    memset( key, 0, 32 );
    memset( iv , 0, 16 );

    mbedtls_cipher_init( &ctx_dec );
    mbedtls_cipher_init( &ctx_enc );

    memset( inbuf, 5, 64 );
    memset( encbuf, 0, 64 );
    memset( decbuf, 0, 64 );

    /* Initialise enc and dec contexts */
    cipher_info = mbedtls_cipher_info_from_type( cipher_id );
    TEST_ASSERT( NULL != cipher_info);

    TEST_ASSERT( 0 == mbedtls_cipher_setup( &ctx_dec, cipher_info ) );
    TEST_ASSERT( 0 == mbedtls_cipher_setup( &ctx_enc, cipher_info ) );

    TEST_ASSERT( 0 == mbedtls_cipher_setkey( &ctx_dec, key, key_len, MBEDTLS_DECRYPT ) );
    TEST_ASSERT( 0 == mbedtls_cipher_setkey( &ctx_enc, key, key_len, MBEDTLS_ENCRYPT ) );

    TEST_ASSERT( 0 == mbedtls_cipher_set_iv( &ctx_dec, iv, 16 ) );
    TEST_ASSERT( 0 == mbedtls_cipher_set_iv( &ctx_enc, iv, 16 ) );

    TEST_ASSERT( 0 == mbedtls_cipher_reset( &ctx_dec ) );
    TEST_ASSERT( 0 == mbedtls_cipher_reset( &ctx_enc ) );

#if defined(MBEDTLS_GCM_C)
    TEST_ASSERT( 0 == mbedtls_cipher_update_ad( &ctx_dec, NULL, 0 ) );
    TEST_ASSERT( 0 == mbedtls_cipher_update_ad( &ctx_enc, NULL, 0 ) );
#endif

    block_size = mbedtls_cipher_get_block_size( &ctx_enc );
    TEST_ASSERT( block_size != 0 );

    /* encode length number of bytes from inbuf */
    TEST_ASSERT( 0 == mbedtls_cipher_update( &ctx_enc, inbuf, first_length, encbuf, &outlen ) );
    totaloutlen = outlen;
    TEST_ASSERT( 0 == mbedtls_cipher_update( &ctx_enc, inbuf + first_length, second_length, encbuf + totaloutlen, &outlen ) );
    totaloutlen += outlen;
    TEST_ASSERT( totaloutlen == length ||
                 ( totaloutlen % block_size == 0 &&
                   totaloutlen < length &&
                   totaloutlen + block_size > length ) );

    TEST_ASSERT( 0 == mbedtls_cipher_finish( &ctx_enc, encbuf + totaloutlen, &outlen ) );
    totaloutlen += outlen;
    TEST_ASSERT( totaloutlen == length ||
                 ( totaloutlen % block_size == 0 &&
                   totaloutlen > length &&
                   totaloutlen <= length + block_size ) );

    /* decode the previously encoded string */
    TEST_ASSERT( 0 == mbedtls_cipher_update( &ctx_dec, encbuf, totaloutlen, decbuf, &outlen ) );
    totaloutlen = outlen;

    TEST_ASSERT( totaloutlen == length ||
                 ( totaloutlen % block_size == 0 &&
                   totaloutlen < length &&
                   totaloutlen + block_size >= length ) );

    TEST_ASSERT( 0 == mbedtls_cipher_finish( &ctx_dec, decbuf + outlen, &outlen ) );
    totaloutlen += outlen;

    TEST_ASSERT( totaloutlen == length );

    TEST_ASSERT( 0 == memcmp(inbuf, decbuf, length) );

exit:
    mbedtls_cipher_free( &ctx_dec );
    mbedtls_cipher_free( &ctx_enc );
}
/* END_CASE */

/* BEGIN_CASE */
void decrypt_test_vec( int cipher_id, int pad_mode,
                       char *hex_key, char *hex_iv,
                       char *hex_cipher, char *hex_clear,
                       char *hex_ad, char *hex_tag,
                       int finish_result, int tag_result )
{
    unsigned char key[50];
    unsigned char iv[50];
    unsigned char cipher[200];
    unsigned char clear[200];
    unsigned char ad[200];
    unsigned char tag[20];
    size_t key_len, iv_len, cipher_len, clear_len;
#if defined(MBEDTLS_GCM_C)
    size_t ad_len, tag_len;
#endif
    mbedtls_cipher_context_t ctx;
    unsigned char output[200];
    size_t outlen, total_len;

    mbedtls_cipher_init( &ctx );

    memset( key, 0x00, sizeof( key ) );
    memset( iv, 0x00, sizeof( iv ) );
    memset( cipher, 0x00, sizeof( cipher ) );
    memset( clear, 0x00, sizeof( clear ) );
    memset( ad, 0x00, sizeof( ad ) );
    memset( tag, 0x00, sizeof( tag ) );
    memset( output, 0x00, sizeof( output ) );

    key_len = unhexify( key, hex_key );
    iv_len = unhexify( iv, hex_iv );
    cipher_len = unhexify( cipher, hex_cipher );
    clear_len = unhexify( clear, hex_clear );
#if defined(MBEDTLS_GCM_C)
    ad_len = unhexify( ad, hex_ad );
    tag_len = unhexify( tag, hex_tag );
#else
    ((void) hex_ad);
    ((void) hex_tag);
#endif

    /* Prepare context */
    TEST_ASSERT( 0 == mbedtls_cipher_setup( &ctx,
                                       mbedtls_cipher_info_from_type( cipher_id ) ) );
    TEST_ASSERT( 0 == mbedtls_cipher_setkey( &ctx, key, 8 * key_len, MBEDTLS_DECRYPT ) );
#if defined(MBEDTLS_CIPHER_MODE_WITH_PADDING)
    if( pad_mode != -1 )
        TEST_ASSERT( 0 == mbedtls_cipher_set_padding_mode( &ctx, pad_mode ) );
#else
    (void) pad_mode;
#endif /* MBEDTLS_CIPHER_MODE_WITH_PADDING */
    TEST_ASSERT( 0 == mbedtls_cipher_set_iv( &ctx, iv, iv_len ) );
    TEST_ASSERT( 0 == mbedtls_cipher_reset( &ctx ) );
#if defined(MBEDTLS_GCM_C)
    TEST_ASSERT( 0 == mbedtls_cipher_update_ad( &ctx, ad, ad_len ) );
#endif

    /* decode buffer and check tag */
    total_len = 0;
    TEST_ASSERT( 0 == mbedtls_cipher_update( &ctx, cipher, cipher_len, output, &outlen ) );
    total_len += outlen;
    TEST_ASSERT( finish_result == mbedtls_cipher_finish( &ctx, output + outlen,
                                                 &outlen ) );
    total_len += outlen;
#if defined(MBEDTLS_GCM_C)
    TEST_ASSERT( tag_result == mbedtls_cipher_check_tag( &ctx, tag, tag_len ) );
#endif

    /* check plaintext only if everything went fine */
    if( 0 == finish_result && 0 == tag_result )
    {
        TEST_ASSERT( total_len == clear_len );
        TEST_ASSERT( 0 == memcmp( output, clear, clear_len ) );
    }

exit:
    mbedtls_cipher_free( &ctx );
}
/* END_CASE */

/* BEGIN_CASE depends_on:MBEDTLS_CIPHER_MODE_AEAD */
void auth_crypt_tv( int cipher_id, char *hex_key, char *hex_iv,
                    char *hex_ad, char *hex_cipher,
                    char *hex_tag, char *hex_clear )
{
    int ret;
    unsigned char key[50];
    unsigned char iv[50];
    unsigned char cipher[200];
    unsigned char clear[200];
    unsigned char ad[200];
    unsigned char tag[20];
    unsigned char my_tag[20];
    size_t key_len, iv_len, cipher_len, clear_len, ad_len, tag_len;
    mbedtls_cipher_context_t ctx;
    unsigned char output[200];
    size_t outlen;

    mbedtls_cipher_init( &ctx );

    memset( key,    0x00, sizeof( key    ) );
    memset( iv,     0x00, sizeof( iv     ) );
    memset( cipher, 0x00, sizeof( cipher ) );
    memset( clear,  0x00, sizeof( clear  ) );
    memset( ad,     0x00, sizeof( ad     ) );
    memset( tag,    0x00, sizeof( tag    ) );
    memset( my_tag, 0xFF, sizeof( my_tag ) );
    memset( output, 0xFF, sizeof( output ) );

    key_len     = unhexify( key,    hex_key     );
    iv_len      = unhexify( iv,     hex_iv      );
    cipher_len  = unhexify( cipher, hex_cipher  );
    ad_len      = unhexify( ad,     hex_ad      );
    tag_len     = unhexify( tag,    hex_tag     );

    /* Prepare context */
    TEST_ASSERT( 0 == mbedtls_cipher_setup( &ctx,
                                       mbedtls_cipher_info_from_type( cipher_id ) ) );
    TEST_ASSERT( 0 == mbedtls_cipher_setkey( &ctx, key, 8 * key_len, MBEDTLS_DECRYPT ) );

    /* decode buffer and check tag */
    ret = mbedtls_cipher_auth_decrypt( &ctx, iv, iv_len, ad, ad_len,
                               cipher, cipher_len, output, &outlen,
                               tag, tag_len );

    /* make sure we didn't overwrite */
    TEST_ASSERT( output[outlen + 0] == 0xFF );
    TEST_ASSERT( output[outlen + 1] == 0xFF );

    /* make sure the message is rejected if it should be */
    if( strcmp( hex_clear, "FAIL" ) == 0 )
    {
        TEST_ASSERT( ret == MBEDTLS_ERR_CIPHER_AUTH_FAILED );
        goto exit;
    }

    /* otherwise, make sure it was decrypted properly */
    TEST_ASSERT( ret == 0 );

    clear_len = unhexify( clear,  hex_clear   );
    TEST_ASSERT( outlen == clear_len );
    TEST_ASSERT( memcmp( output, clear, clear_len ) == 0 );

    /* then encrypt the clear and make sure we get the same ciphertext and tag */
    memset( output, 0xFF, sizeof( output ) );
    outlen = 0;

    ret = mbedtls_cipher_auth_encrypt( &ctx, iv, iv_len, ad, ad_len,
                               clear, clear_len, output, &outlen,
                               my_tag, tag_len );
    TEST_ASSERT( ret == 0 );

    TEST_ASSERT( outlen == clear_len );
    TEST_ASSERT( memcmp( output, cipher, clear_len ) == 0 );
    TEST_ASSERT( memcmp( my_tag, tag, tag_len ) == 0 );

    /* make sure we didn't overwrite */
    TEST_ASSERT( output[outlen + 0] == 0xFF );
    TEST_ASSERT( output[outlen + 1] == 0xFF );
    TEST_ASSERT( my_tag[tag_len + 0] == 0xFF );
    TEST_ASSERT( my_tag[tag_len + 1] == 0xFF );


exit:
    mbedtls_cipher_free( &ctx );
}
/* END_CASE */

/* BEGIN_CASE */
void test_vec_ecb( int cipher_id, int operation, char *hex_key,
                   char *hex_input, char *hex_result,
                   int finish_result )
{
    unsigned char key[50];
    unsigned char input[16];
    unsigned char result[16];
    size_t key_len;
    mbedtls_cipher_context_t ctx;
    unsigned char output[32];
    size_t outlen;

    mbedtls_cipher_init( &ctx );

    memset( key, 0x00, sizeof( key ) );
    memset( input, 0x00, sizeof( input ) );
    memset( result, 0x00, sizeof( result ) );
    memset( output, 0x00, sizeof( output ) );

    /* Prepare context */
    TEST_ASSERT( 0 == mbedtls_cipher_setup( &ctx,
                                       mbedtls_cipher_info_from_type( cipher_id ) ) );

    key_len = unhexify( key, hex_key );
    TEST_ASSERT( unhexify( input, hex_input ) ==
                 (int) mbedtls_cipher_get_block_size( &ctx ) );
    TEST_ASSERT( unhexify( result, hex_result ) ==
                 (int) mbedtls_cipher_get_block_size( &ctx ) );

    TEST_ASSERT( 0 == mbedtls_cipher_setkey( &ctx, key, 8 * key_len, operation ) );

    TEST_ASSERT( 0 == mbedtls_cipher_update( &ctx, input,
                                     mbedtls_cipher_get_block_size( &ctx ),
                                     output, &outlen ) );
    TEST_ASSERT( outlen == mbedtls_cipher_get_block_size( &ctx ) );
    TEST_ASSERT( finish_result == mbedtls_cipher_finish( &ctx, output + outlen,
                                                 &outlen ) );
    TEST_ASSERT( 0 == outlen );

    /* check plaintext only if everything went fine */
    if( 0 == finish_result )
        TEST_ASSERT( 0 == memcmp( output, result,
                                  mbedtls_cipher_get_block_size( &ctx ) ) );

exit:
    mbedtls_cipher_free( &ctx );
}
/* END_CASE */

/* BEGIN_CASE depends_on:MBEDTLS_CIPHER_MODE_WITH_PADDING */
void set_padding( int cipher_id, int pad_mode, int ret )
{
    const mbedtls_cipher_info_t *cipher_info;
    mbedtls_cipher_context_t ctx;

    mbedtls_cipher_init( &ctx );

    cipher_info = mbedtls_cipher_info_from_type( cipher_id );
    TEST_ASSERT( NULL != cipher_info );
    TEST_ASSERT( 0 == mbedtls_cipher_setup( &ctx, cipher_info ) );

    TEST_ASSERT( ret == mbedtls_cipher_set_padding_mode( &ctx, pad_mode ) );

exit:
    mbedtls_cipher_free( &ctx );
}
/* END_CASE */

/* BEGIN_CASE depends_on:MBEDTLS_CIPHER_MODE_CBC */
void check_padding( int pad_mode, char *input_str, int ret, int dlen_check )
{
    mbedtls_cipher_info_t cipher_info;
    mbedtls_cipher_context_t ctx;
    unsigned char input[16];
    size_t ilen, dlen;

    /* build a fake context just for getting access to get_padding */
    mbedtls_cipher_init( &ctx );
    cipher_info.mode = MBEDTLS_MODE_CBC;
    ctx.cipher_info = &cipher_info;

    TEST_ASSERT( 0 == mbedtls_cipher_set_padding_mode( &ctx, pad_mode ) );

    ilen = unhexify( input, input_str );

    TEST_ASSERT( ret == ctx.get_padding( input, ilen, &dlen ) );
    if( 0 == ret )
        TEST_ASSERT( dlen == (size_t) dlen_check );
}
/* END_CASE */