From b17537558a3e3338c9286705f73a00b979a5ed86 Mon Sep 17 00:00:00 2001
From: Jack Lloyd <jack.lloyd@fortanix.com>
Date: Thu, 7 Mar 2019 16:59:14 -0500
Subject: [PATCH] Fix errors in AEAD test function

It was failing to set the key in the ENCRYPT direction before encrypting.
This just happened to work for GCM and CCM.

After re-encrypting, compare the length to the expected ciphertext
length not the plaintext length. Again this just happens to work for
GCM and CCM since they do not perform any kind of padding.
---
 ChangeLog                               | 3 +++
 tests/suites/test_suite_cipher.function | 7 +++++--
 2 files changed, 8 insertions(+), 2 deletions(-)

diff --git a/ChangeLog b/ChangeLog
index bae12c95c..71ca5ac25 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -30,6 +30,9 @@ Bugfix
    * Fix private key DER output in the key_app_writer example. File contents
      were shifted by one byte, creating an invalid ASN.1 tag. Fixed by
      Christian Walther in #2239.
+   * Fix bugs in the AEAD test suite which would be exposed by ciphers which
+     either used both encrypt and decrypt key schedules, or which perform padding.
+     GCM and CCM were not affected. Fixed by Jack Lloyd.
 
 Changes
    * Include configuration file in all header files that use configuration,
diff --git a/tests/suites/test_suite_cipher.function b/tests/suites/test_suite_cipher.function
index 343dd7863..2518ba576 100644
--- a/tests/suites/test_suite_cipher.function
+++ b/tests/suites/test_suite_cipher.function
@@ -627,6 +627,9 @@ void auth_crypt_tv( int cipher_id, char *hex_key, char *hex_iv,
     TEST_ASSERT( memcmp( output, clear, clear_len ) == 0 );
 
     /* then encrypt the clear and make sure we get the same ciphertext and tag */
+    TEST_ASSERT( 0 == mbedtls_cipher_setkey( &ctx, key, 8 * key_len,
+                                             MBEDTLS_ENCRYPT ) );
+
     memset( output, 0xFF, sizeof( output ) );
     outlen = 0;
 
@@ -635,8 +638,8 @@ void auth_crypt_tv( int cipher_id, char *hex_key, char *hex_iv,
                                my_tag, tag_len );
     TEST_ASSERT( ret == 0 );
 
-    TEST_ASSERT( outlen == clear_len );
-    TEST_ASSERT( memcmp( output, cipher, clear_len ) == 0 );
+    TEST_ASSERT( outlen == cipher_len );
+    TEST_ASSERT( memcmp( output, cipher, cipher_len ) == 0 );
     TEST_ASSERT( memcmp( my_tag, tag, tag_len ) == 0 );
 
     /* make sure we didn't overwrite */