Improve multipart cipher tests: 2 blocks, CTR #62

Merged

gilles-peskine-arm
Collaborator

The only cipher multipart tests we had were for CBC with exactly one block. Add tests with CBC with two blocks and tests with CTR.

Some calls to psa_cipher_finish or psa_cipher_update append to a
buffer. Several of these calls were not calculating the offset into
the buffer or the remaining buffer size correctly.

This did not lead to buffer overflows before because the buffer sizes
were sufficiently large for our test inputs. This did not lead to
incorrect output when the test was designed to append but actually
wrote too early because all the existing test cases either have no
output from finish (stream cipher) or have no output from update (CBC,
with less than one block of input).

The output length can be equal to the input length.

This wasn't noticed at runtime because we happened to only test with
CBC with the first chunk being a partial block.

Test data obtained with Python+PyCrypto:
AES.new(key, AES.MODE_CBC, iv).encrypt(plaintext.decode('hex')).encode('hex')

Test data obtained with Python+PyCrypto:
AES.new(key, mode=AES.MODE_CTR, counter=Crypto.Util.Counter.new(128, initial_value=0x2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a)).encrypt(plaintext.decode('hex')).encode('hex')

In multipart cipher tests, test that each step of psa_cipher_update
produces output of the expected length. The length is hard-coded in
the test data since it depends on the mode.

The length of the output of psa_cipher_finish is effectively tested
because it's the total output length minus the length produced by the
update steps.

gilles-peskine-arm added the enhancement and needs: review labels Feb 19, 2019
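
The buffer accounting described in the commit messages above, as an added example that is not part of the pull request or the project's code. A toy block-buffering operation (hypothetical `toy_update`/`toy_finish`, not the PSA API and not a cipher) stands in for `psa_cipher_update`/`psa_cipher_finish`, and the hypothetical `multipart` helper shows each call writing at the running offset with only the remaining buffer size.

```c
#include <string.h>

#define BLOCK 16
/* Toy stand-in for a block-buffering multipart operation (hypothetical: not
 * the PSA API, not a cipher). update emits whole blocks only, finish flushes
 * the buffered tail; both refuse to write more than out_size bytes. */
typedef struct { unsigned char buf[BLOCK]; size_t held; } toy_op;

static int toy_update(toy_op *op, const unsigned char *in, size_t in_len,
                      unsigned char *out, size_t out_size, size_t *out_len)
{
    *out_len = 0;
    if ((op->held + in_len) / BLOCK * BLOCK > out_size) return -1;
    for (size_t i = 0; i < in_len; i++) {
        op->buf[op->held++] = in[i] ^ 0x5a;   /* placeholder transform */
        if (op->held < BLOCK) continue;       /* block not complete yet */
        memcpy(out + *out_len, op->buf, BLOCK);
        *out_len += BLOCK;
        op->held = 0;
    }
    return 0;
}

static int toy_finish(toy_op *op, unsigned char *out, size_t out_size, size_t *out_len)
{
    *out_len = 0;
    if (op->held > out_size) return -1;
    memcpy(out, op->buf, op->held);
    *out_len = op->held;
    op->held = 0;
    return 0;
}

/* Caller-side accounting: each call writes at out + total and is offered only
 * out_size - total bytes; len[] records the output length of every step. */
int multipart(const unsigned char *in, size_t first, size_t second,
              unsigned char *out, size_t out_size, size_t len[3], size_t *total)
{
    toy_op op = { {0}, 0 };
    *total = 0;
    if (toy_update(&op, in, first, out, out_size, &len[0])) return -1;
    *total += len[0];
    if (toy_update(&op, in + first, second, out + *total,
                   out_size - *total, &len[1])) return -1;
    *total += len[1];
    if (toy_finish(&op, out + *total, out_size - *total, &len[2])) return -1;
    *total += len[2];
    return 0;
}
```
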
Contributor

Patater left a comment

LGTM

Contributor

dgreen-arm left a comment

LGTM

Patater removed the needs: review label Feb 20, 2019
Contributor

Patater commented Feb 20, 2019

CI failure is FreeBSD timing test, a known-flaky test.

Patater merged commit 5483461 into ARMmbed:development Feb 20, 2019