Dynamically find AES-SIV test vector index instead of hardcoding in unit test

holtrop-wolfssl · holtrop-wolfssl · commit 5bc5251c3e6d · 2026-06-12T13:50:47.000-04:00
diff --git a/wolfcrypt/test/test.c b/wolfcrypt/test/test.c
@@ -74784,39 +74784,48 @@ static wc_test_ret_t aes_siv_oneassoc_test(const AesSivTestVector* testVectors,
     return 0;
 }
 
-static wc_test_ret_t aes_siv_negative_test(const AesSivTestVector* testVectors)
+static wc_test_ret_t aes_siv_negative_test(const AesSivTestVector* testVectors, size_t n_vectors)
 {
     byte computedCiphertext[82];
     byte computedPlaintext[82];
     byte siv[WC_AES_BLOCK_SIZE];
     word32 j;
     wc_test_ret_t ret;
+    size_t vector_idx;
+
+    /* Find a test vector that has a non-empty plaintext size */
+    for (vector_idx = 0U; vector_idx < n_vectors; vector_idx++)
+    {
+        if (testVectors[vector_idx].plaintextSz > 0U)
+            break;
+    }
+    if (vector_idx == n_vectors)
+    {
+        return WC_TEST_RET_ENC_NC;
+    }
 
     /* Negative test: corrupted SIV must be rejected with AES_SIV_AUTH_E. */
-    ret = wc_AesSivEncrypt(testVectors[5].key, testVectors[5].keySz,
-                          testVectors[5].assoc1, testVectors[5].assoc1Sz,
-                          testVectors[5].nonce, testVectors[5].nonceSz,
-                          testVectors[5].plaintext,
-                          testVectors[5].plaintextSz, siv,
+    ret = wc_AesSivEncrypt(testVectors[vector_idx].key, testVectors[vector_idx].keySz,
+                          testVectors[vector_idx].assoc1, testVectors[vector_idx].assoc1Sz,
+                          testVectors[vector_idx].nonce, testVectors[vector_idx].nonceSz,
+                          testVectors[vector_idx].plaintext,
+                          testVectors[vector_idx].plaintextSz, siv,
                           computedCiphertext);
     if (ret != 0) {
         return WC_TEST_RET_ENC_EC(ret);
     }
     XMEMSET(computedPlaintext, 0xFF, sizeof(computedPlaintext));
     /* Corrupt one byte of the SIV tag. */
     siv[0] ^= 0x01;
-    ret = wc_AesSivDecrypt(testVectors[5].key, testVectors[5].keySz,
-                          testVectors[5].assoc1, testVectors[5].assoc1Sz,
-                          testVectors[5].nonce, testVectors[5].nonceSz,
-                          computedCiphertext, testVectors[5].plaintextSz,
+    ret = wc_AesSivDecrypt(testVectors[vector_idx].key, testVectors[vector_idx].keySz,
+                          testVectors[vector_idx].assoc1, testVectors[vector_idx].assoc1Sz,
+                          testVectors[vector_idx].nonce, testVectors[vector_idx].nonceSz,
+                          computedCiphertext, testVectors[vector_idx].plaintextSz,
                           siv, computedPlaintext);
     if (ret != WC_NO_ERR_TRACE(AES_SIV_AUTH_E)) {
         return WC_TEST_RET_ENC_EC(ret);
     }
-    if (testVectors[5].plaintextSz == 0U) {
-        return WC_TEST_RET_ENC_NC;
-    }
-    for (j = 0; j < testVectors[5].plaintextSz; ++j) {
+    for (j = 0; j < testVectors[vector_idx].plaintextSz; ++j) {
         if (computedPlaintext[j] != 0) {
             return WC_TEST_RET_ENC_NC;
         }
@@ -75012,7 +75021,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aes_siv_test(void)
     ret = aes_siv_multiassoc_test(testVectors, AES_SIV_TEST_VECTORS);
     if (ret != 0)
         return ret;
-    ret = aes_siv_negative_test(testVectors);
+    ret = aes_siv_negative_test(testVectors, AES_SIV_TEST_VECTORS);
     if (ret != 0)
         return ret;
     return 0;
