Sean Parkinson
c905033acf
API tests: more cipher tests
...
1. Unaligned Buffer Tests
Verify correct output when input/output buffers are byte-offset by 1,
2, and 3 bytes.
- AES-CBC, AES-CTS, AES-CTR, AES-GCM, AES-CCM, AES-XTS
- ChaCha20, ChaCha20-Poly1305
2. In-Place (Overlapping) Buffer Tests
Verify correct output when out == in (same pointer for input and
output).
- AES-CTS, AES-GCM, AES-CCM, AES-XTS
- ChaCha20, ChaCha20-Poly1305
3. Cross-Cipher Verification Tests
Verify that a higher-level mode produces identical output when
manually reconstructed from a lower-level primitive (typically AES-ECB +
XOR).
- AES-CBC (= ECB + XOR chaining)
- AES-CFB (= ECB(ciphertext feedback) + XOR)
- AES-OFB (= ECB(output feedback) + XOR)
- AES-CTR (= ECB(counter) + XOR with big-endian increment)
- AES-GCM (ciphertext portion = CTR starting at counter J0+1)
- ChaCha20-Poly1305 (ciphertext = raw ChaCha20 keystream XOR; tag =
independent Poly1305)
4. Counter Overflow Tests
Verify correct carry propagation when the internal block counter wraps
around.
- AES-CTR (32-bit big-endian carry across 4 bytes: 0xFFFFFFFE → wrap)
- ChaCha20 (32-bit counter: 0xFFFFFFFF → 0x00000000)
5. AEAD Edge Case Tests
Verify correct behavior for empty inputs, empty AAD, and invalid auth
tag rejection.
- Ascon-AEAD128
- AES-CCM
- ChaCha20-Poly1305
6. Non-Standard Parameter Tests
Verify behavior outside the common fast path.
- AES-GCM: non-96-bit nonce lengths (1-byte, 60-byte, variable-length
loop, zero-length rejection)
7. Streaming API State Tests
Verify mid-stream state behavior and re-initialization after a final
call.
- AES-GCM stream, AES-XTS stream
- ChaCha20-Poly1305 stream
2026-04-15 17:05:32 +10:00
Sean Parkinson
663ca29a5d
Split out tests: random, wolfmath, public key
...
Improved testing of random APIs.
wolfmath tests moved out.
Public key algorithm testing moved out: RSA, DSA, DH, ECC, SM2,
Curve25519, Ed25519, Curve448, Ed448, ML-DSA.
Signature API tests moved out.
Fix for OCSP testing to ensure RSA is available.
Added group names to API test cases.
Can select groups to run with --group <name>. --groups lists all known
group names.
Added option to stop API testing on first failure: --stopOnFail.
2025-03-17 09:32:00 +10:00