diff --git a/tests/suites/test_suite_ccm.data b/tests/suites/test_suite_ccm.data
index ac66812cc..cad40d59c 100644
--- a/tests/suites/test_suite_ccm.data
+++ b/tests/suites/test_suite_ccm.data
@@ -50,6 +50,30 @@ ccm_star_lengths:5:10:5:8:0
 CCM* fixed tag lengths #2 all OK - tag length 0
 ccm_star_lengths:5:10:5:0:0
 
+CCM* encrypt and tag #1
+depends_on:MBEDTLS_AES_C
+mbedtls_ccm_star_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"C0C1C2C3C4C5C6C7C8C9CACBCCCDCECF":"":"ACDE480000000001":"00000005":2:"08D0842143010000000048DEAC020500000055CF000051525354":"223BC1EC841AB553":0
+
+CCM* encrypt and tag #2
+depends_on:MBEDTLS_AES_C
+mbedtls_ccm_star_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"C0C1C2C3C4C5C6C7C8C9CACBCCCDCECF":"61626364":"ACDE480000000001":"00000005":4:"69DC842143020000000048DEAC010000000048DEAC0405000000":"D43E022B":0
+
+CCM* encrypt and tag #3
+depends_on:MBEDTLS_AES_C
+mbedtls_ccm_star_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"C0C1C2C3C4C5C6C7C8C9CACBCCCDCECF":"CE":"ACDE480000000001":"00000005":6:"2BDC842143020000000048DEACFFFF010000000048DEAC060500000001":"D84FDE529061F9C6F1":0
+
+CCM* auth decrypt tag #1
+depends_on:MBEDTLS_AES_C
+mbedtls_ccm_star_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"C0C1C2C3C4C5C6C7C8C9CACBCCCDCECF":"223BC1EC841AB553":"ACDE480000000001":"00000005":2:"08D0842143010000000048DEAC020500000055CF000051525354":"":0
+
+CCM* auth decrypt tag #2
+depends_on:MBEDTLS_AES_C
+mbedtls_ccm_star_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"C0C1C2C3C4C5C6C7C8C9CACBCCCDCECF":"D43E022B":"ACDE480000000001":"00000005":4:"69DC842143020000000048DEAC010000000048DEAC0405000000":"61626364":0
+
+CCM* auth decrypt tag #3
+depends_on:MBEDTLS_AES_C
+mbedtls_ccm_star_auth_decrypt:MBEDTLS_CIPHER_ID_AES:"C0C1C2C3C4C5C6C7C8C9CACBCCCDCECF":"D84FDE529061F9C6F1":"ACDE480000000001":"00000005":6:"2BDC842143020000000048DEACFFFF010000000048DEAC060500000001":"CE":0
+
 CCM encrypt and tag RFC 3610 #1
 depends_on:MBEDTLS_AES_C
 mbedtls_ccm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"C0C1C2C3C4C5C6C7C8C9CACBCCCDCECF":"08090A0B0C0D0E0F101112131415161718191A1B1C1D1E":"00000003020100A0A1A2A3A4A5":"0001020304050607":"588C979A61C663D2F066D0C2C0F989806D5F6B61DAC38417E8D12CFDF926E0"
diff --git a/tests/suites/test_suite_ccm.function b/tests/suites/test_suite_ccm.function
index 6d685438e..58c856985 100644
--- a/tests/suites/test_suite_ccm.function
+++ b/tests/suites/test_suite_ccm.function
@@ -228,3 +228,140 @@ exit:
     mbedtls_ccm_free( &ctx );
 }
 /* END_CASE */
+
+/* BEGIN_CASE */
+void mbedtls_ccm_star_encrypt_and_tag( int cipher_id,
+                            char *key_hex, char *msg_hex,
+                            char *source_address_hex, char *frame_counter_hex,
+                            int sec_level, char *add_hex,
+                            char *result_hex, int output_ret )
+{
+    unsigned char key[32];
+    unsigned char msg[50];
+    unsigned char iv[13];
+    unsigned char add[32];
+    unsigned char result[50];
+    unsigned char source_address[8];
+    unsigned char frame_counter[4];
+    mbedtls_ccm_context ctx;
+    size_t i, key_len, msg_len, iv_len, add_len, result_len, source_address_len, frame_counter_len, tag_len;
+    int ret;
+
+    mbedtls_ccm_init( &ctx );
+
+    memset( key, 0x00, sizeof( key ) );
+    memset( msg, 0x00, sizeof( msg ) );
+    memset( iv, 0x00, sizeof( iv ) );
+    memset( add, 0x00, sizeof( add ) );
+    memset( result, 0x00, sizeof( result ) );
+    memset( source_address, 0x00, sizeof( source_address ) );
+    memset( frame_counter, 0x00, sizeof( frame_counter ) );
+
+    key_len = unhexify( key, key_hex );
+    msg_len = unhexify( msg, msg_hex );
+    add_len = unhexify( add, add_hex );
+    result_len = unhexify( result, result_hex );
+    source_address_len = unhexify( source_address, source_address_hex );
+    frame_counter_len = unhexify( frame_counter, frame_counter_hex );
+
+    if( sec_level % 4 == 0)
+        tag_len = 0;
+    else
+        tag_len = 1 << ( sec_level % 4 + 1);
+
+    for( i = 0; i < source_address_len; i++ )
+        iv[i] = source_address[i];
+
+    for( i = 0; i < frame_counter_len; i++ )
+        iv[source_address_len + i] = frame_counter[i];
+
+    iv[source_address_len + frame_counter_len] = sec_level;
+    iv_len = sizeof( iv );
+
+    TEST_ASSERT( mbedtls_ccm_setkey( &ctx, cipher_id, key, key_len * 8 ) == 0 );
+
+    ret = mbedtls_ccm_star_encrypt_and_tag( &ctx, msg_len, iv, iv_len,
+                 add, add_len, msg, msg, msg + msg_len, tag_len );
+
+    TEST_ASSERT( ret == output_ret );
+
+    TEST_ASSERT( memcmp( msg, result, result_len ) == 0 );
+
+    /* Check we didn't write past the end */
+    TEST_ASSERT( msg[result_len] == 0 && msg[result_len + 1] == 0 );
+
+exit:
+    mbedtls_ccm_free( &ctx );
+}
+/* END_CASE */
+
+/* BEGIN_CASE */
+void mbedtls_ccm_star_auth_decrypt( int cipher_id,
+                            char *key_hex, char *msg_hex,
+                            char *source_address_hex, char *frame_counter_hex,
+                            int sec_level, char *add_hex,
+                            char *result_hex, int output_ret )
+{
+    unsigned char key[32];
+    unsigned char msg[50];
+    unsigned char iv[13];
+    unsigned char add[32];
+    unsigned char tag[16];
+    unsigned char result[50];
+    unsigned char source_address[8];
+    unsigned char frame_counter[4];
+    mbedtls_ccm_context ctx;
+    size_t i, key_len, msg_len, iv_len, add_len, tag_len, result_len, source_address_len, frame_counter_len;
+    int ret;
+
+    mbedtls_ccm_init( &ctx );
+
+    memset( key, 0x00, sizeof( key ) );
+    memset( msg, 0x00, sizeof( msg ) );
+    memset( iv, 0x00, sizeof( iv ) );
+    memset( add, 0x00, sizeof( add ) );
+    memset( result, 0x00, sizeof( result ) );
+    memset( source_address, 0x00, sizeof( source_address ) );
+    memset( frame_counter, 0x00, sizeof( frame_counter ) );
+    memset( tag, 0x00, sizeof( tag ) );
+
+    key_len = unhexify( key, key_hex );
+    msg_len = unhexify( msg, msg_hex );
+    add_len = unhexify( add, add_hex );
+    result_len = unhexify( result, result_hex );
+    source_address_len = unhexify( source_address, source_address_hex );
+    frame_counter_len = unhexify( frame_counter, frame_counter_hex );
+
+    if( sec_level % 4 == 0)
+        tag_len = 0;
+    else
+        tag_len = 1 << ( sec_level % 4 + 1);
+
+    for( i = 0; i < source_address_len; i++ )
+        iv[i] = source_address[i];
+
+    for( i = 0; i < frame_counter_len; i++ )
+        iv[source_address_len + i] = frame_counter[i];
+
+    iv[source_address_len + frame_counter_len] = sec_level;
+    iv_len = sizeof( iv );
+
+    msg_len -= tag_len;
+    memcpy( tag, msg + msg_len, tag_len );
+
+    TEST_ASSERT( mbedtls_ccm_setkey( &ctx, cipher_id, key, key_len * 8 ) == 0 );
+
+    ret = mbedtls_ccm_star_auth_decrypt( &ctx, msg_len, iv, iv_len,
+                 add, add_len, msg, msg, msg + msg_len, tag_len );
+
+    TEST_ASSERT( ret == output_ret );
+
+    TEST_ASSERT( memcmp( msg, result, result_len ) == 0 );
+
+    /* Check we didn't write past the end (where the original tag is) */
+    TEST_ASSERT( memcmp( msg + msg_len, tag, tag_len ) == 0 );
+
+exit:
+    mbedtls_ccm_free( &ctx );
+}
+/* END_CASE */