From 5ab80efa10e1ab61f912feeb02ee9f913d223373 Mon Sep 17 00:00:00 2001 From: Jaeden Amero Date: Wed, 5 Jun 2019 15:35:08 +0100 Subject: [PATCH 1/2] test: Check empty buffer decryption for chachapoly Previously, even in the Chacha20 and Chacha20-Poly1305 tests, we would test that decryption of an empty buffer would work with MBEDTLS_CIPHER_AES_128_CBC. Make the cipher used with the dec_empty_buf() test configurable, so that Chacha20 and Chacha20-Poly1305 empty buffer tests can use ciphers other than AES CBC. Then, make the Chacha20 and Chacha20-Poly1305 empty buffer tests use the MBEDTLS_CIPHER_CHACHA20 and MBEDTLS_CIPHER_CHACHA20_POLY1305 cipher suites. --- tests/suites/test_suite_cipher.aes.data | 2 +- tests/suites/test_suite_cipher.chacha20.data | 2 +- .../suites/test_suite_cipher.chachapoly.data | 2 +- tests/suites/test_suite_cipher.function | 30 +++++++++++++++---- 4 files changed, 28 insertions(+), 8 deletions(-) diff --git a/tests/suites/test_suite_cipher.aes.data b/tests/suites/test_suite_cipher.aes.data index 1a8ff1e4b..c42fc7911 100644 --- a/tests/suites/test_suite_cipher.aes.data +++ b/tests/suites/test_suite_cipher.aes.data @@ -1,6 +1,6 @@ Decrypt empty buffer depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 -dec_empty_buf: +dec_empty_buf:MBEDTLS_CIPHER_AES_128_CBC AES-128 CBC - Encrypt and decrypt 0 bytes with PKCS7 padding depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 diff --git a/tests/suites/test_suite_cipher.chacha20.data b/tests/suites/test_suite_cipher.chacha20.data index c67e582e7..1c394a7ec 100644 --- a/tests/suites/test_suite_cipher.chacha20.data +++ b/tests/suites/test_suite_cipher.chacha20.data @@ -1,6 +1,6 @@ Decrypt empty buffer depends_on:MBEDTLS_CHACHA20_C -dec_empty_buf: +dec_empty_buf:MBEDTLS_CIPHER_CHACHA20 Chacha20 RFC 7539 Test Vector #1 depends_on:MBEDTLS_CHACHA20_C diff --git a/tests/suites/test_suite_cipher.chachapoly.data b/tests/suites/test_suite_cipher.chachapoly.data index 7310a84d7..ccd0dfb57 100644 --- a/tests/suites/test_suite_cipher.chachapoly.data +++ b/tests/suites/test_suite_cipher.chachapoly.data @@ -1,6 +1,6 @@ Decrypt empty buffer depends_on:MBEDTLS_CHACHAPOLY_C -dec_empty_buf: +dec_empty_buf:MBEDTLS_CIPHER_CHACHA20_POLY1305 ChaCha20+Poly1305 Encrypt and decrypt 0 bytes depends_on:MBEDTLS_CHACHAPOLY_C diff --git a/tests/suites/test_suite_cipher.function b/tests/suites/test_suite_cipher.function index ca39937c2..1ea14088b 100644 --- a/tests/suites/test_suite_cipher.function +++ b/tests/suites/test_suite_cipher.function @@ -710,7 +710,7 @@ exit: /* END_CASE */ /* BEGIN_CASE */ -void dec_empty_buf( ) +void dec_empty_buf( int cipher ) { unsigned char key[32]; unsigned char iv[16]; @@ -723,6 +723,8 @@ void dec_empty_buf( ) size_t outlen = 0; + int expected_ret; + memset( key, 0, 32 ); memset( iv , 0, 16 ); @@ -732,12 +734,15 @@ void dec_empty_buf( ) memset( decbuf, 0, 64 ); /* Initialise context */ - cipher_info = mbedtls_cipher_info_from_type( MBEDTLS_CIPHER_AES_128_CBC ); + cipher_info = mbedtls_cipher_info_from_type( cipher ); TEST_ASSERT( NULL != cipher_info); + TEST_ASSERT( sizeof(key) * 8 >= cipher_info->key_bitlen ); TEST_ASSERT( 0 == mbedtls_cipher_setup( &ctx_dec, cipher_info ) ); - TEST_ASSERT( 0 == mbedtls_cipher_setkey( &ctx_dec, key, 128, MBEDTLS_DECRYPT ) ); + TEST_ASSERT( 0 == mbedtls_cipher_setkey( &ctx_dec, + key, cipher_info->key_bitlen, + MBEDTLS_DECRYPT ) ); TEST_ASSERT( 0 == mbedtls_cipher_set_iv( &ctx_dec, iv, 16 ) ); @@ -750,8 +755,23 @@ void dec_empty_buf( ) /* decode 0-byte string */ TEST_ASSERT( 0 == mbedtls_cipher_update( &ctx_dec, encbuf, 0, decbuf, &outlen ) ); TEST_ASSERT( 0 == outlen ); - TEST_ASSERT( MBEDTLS_ERR_CIPHER_FULL_BLOCK_EXPECTED == mbedtls_cipher_finish( - &ctx_dec, decbuf + outlen, &outlen ) ); + + if ( cipher_info->mode == MBEDTLS_MODE_CBC || + cipher_info->mode == MBEDTLS_MODE_ECB ) + { + /* CBC and ECB ciphers need a full block of input. */ + expected_ret = MBEDTLS_ERR_CIPHER_FULL_BLOCK_EXPECTED; + } + else + { + /* Non-CBC and non-ECB ciphers are OK with decrypting empty buffers and + * return success, not MBEDTLS_ERR_CIPHER_FULL_BLOCK_EXPECTED, when + * decrypting an empty buffer. */ + expected_ret = 0; + } + + TEST_ASSERT( expected_ret == mbedtls_cipher_finish( + &ctx_dec, decbuf + outlen, &outlen ) ); TEST_ASSERT( 0 == outlen ); exit: From b01314683a5c6d40cce3c4ade3f190da0a9c528c Mon Sep 17 00:00:00 2001 From: Jaeden Amero Date: Wed, 5 Jun 2019 16:50:39 +0100 Subject: [PATCH 2/2] test: Remove redundant 0-byte decryption test Remove the "Decrypt empty buffer" test, as ChaCha20 is a stream cipher and 0 bytes encrypted is identical to a 0 length buffer. The "ChaCha20 Encrypt and decrypt 0 bytes" test will test decryption of a 0 length buffer. --- tests/suites/test_suite_cipher.chacha20.data | 4 ---- 1 file changed, 4 deletions(-) diff --git a/tests/suites/test_suite_cipher.chacha20.data b/tests/suites/test_suite_cipher.chacha20.data index 1c394a7ec..11de1038a 100644 --- a/tests/suites/test_suite_cipher.chacha20.data +++ b/tests/suites/test_suite_cipher.chacha20.data @@ -1,7 +1,3 @@ -Decrypt empty buffer -depends_on:MBEDTLS_CHACHA20_C -dec_empty_buf:MBEDTLS_CIPHER_CHACHA20 - Chacha20 RFC 7539 Test Vector #1 depends_on:MBEDTLS_CHACHA20_C decrypt_test_vec:MBEDTLS_CIPHER_CHACHA20:-1:"0000000000000000000000000000000000000000000000000000000000000000":"000000000000000000000000":"76b8e0ada0f13d90405d6ae55386bd28bdd219b8a08ded1aa836efcc8b770dc7da41597c5157488d7724e03fb8d84a376a43b8f41518a11cc387b669b2ee6586":"00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000":"":"":0:0