Improve in-place testing

author: Niels Möller <nisse@lysator.liu.se> 2023-04-23 19:59:54 +0200
committer: Niels Möller <nisse@lysator.liu.se> 2023-04-23 19:59:54 +0200
commit: a1056ebefcb2f256dfa66f11017a3c205438b1b4 (patch)
tree: b788fd3a65cf2572f5b9ac14c388d07e66ac4e4e
parent: e6563339b96ad2396bfcb1dfe88c1aeb15942281 (diff)
download: nettle-a1056ebefcb2f256dfa66f11017a3c205438b1b4.tar.gz
5 files changed, 69 insertions, 31 deletions
diff --git a/siv-cmac.c b/siv-cmac.c
index 8205c320..a1e2a4bd 100644
--- a/siv-cmac.c
+++ b/siv-cmac.c
@@ -122,7 +122,8 @@ siv_cmac_encrypt_message (const struct cmac128_key *cmac_key,
 {
   union nettle_block16 siv;
   size_t slength;
-
+  /* In-place operation not supported. */
+  assert (dst != src);
   assert (clength >= SIV_DIGEST_SIZE);
   slength = clength - SIV_DIGEST_SIZE;
 
@@ -149,6 +150,9 @@ siv_cmac_decrypt_message (const struct cmac128_key *cmac_key,
   union nettle_block16 siv;
   union nettle_block16 ctr;
 
+  /* In-place operation not supported. */
+  assert (dst != src);
+
   memcpy (ctr.b, src, SIV_DIGEST_SIZE);
   ctr.b[8] &= ~0x80;
   ctr.b[12] &= ~0x80;
diff --git a/testsuite/siv-gcm-test.c b/testsuite/siv-gcm-test.c
index 1e02fcc7..49302ad7 100644
--- a/testsuite/siv-gcm-test.c
+++ b/testsuite/siv-gcm-test.c
@@ -48,6 +48,7 @@ siv_gcm_aes128 = {
   sizeof(struct aes128_ctx),
   AES128_KEY_SIZE,
   SIV_GCM_DIGEST_SIZE,
+  1, /* Supports in-place operation. */
   (nettle_set_key_func*) aes128_set_encrypt_key,
   (nettle_set_key_func*) aes128_set_encrypt_key,
   (nettle_encrypt_message_func*) siv_gcm_aes128_encrypt_message,
@@ -60,6 +61,7 @@ siv_gcm_aes256 = {
   sizeof(struct aes256_ctx),
   AES256_KEY_SIZE,
   SIV_GCM_DIGEST_SIZE,
+  1, /* Supports in-place operation. */
   (nettle_set_key_func*) aes256_set_encrypt_key,
   (nettle_set_key_func*) aes256_set_encrypt_key,
   (nettle_encrypt_message_func*) siv_gcm_aes256_encrypt_message,
diff --git a/testsuite/siv-test.c b/testsuite/siv-test.c
index 7b10ff0d..53214bbb 100644
--- a/testsuite/siv-test.c
+++ b/testsuite/siv-test.c
@@ -42,6 +42,7 @@ siv_cmac_aes128 = {
   sizeof(struct siv_cmac_aes128_ctx),
   SIV_CMAC_AES128_KEY_SIZE,
   SIV_DIGEST_SIZE,
+  0, /* No in-place operation. */
   (nettle_set_key_func*) siv_cmac_aes128_set_key,
   (nettle_set_key_func*) siv_cmac_aes128_set_key,
   (nettle_encrypt_message_func*) siv_cmac_aes128_encrypt_message,
@@ -54,6 +55,7 @@ siv_cmac_aes256 = {
   sizeof(struct siv_cmac_aes256_ctx),
   SIV_CMAC_AES256_KEY_SIZE,
   SIV_DIGEST_SIZE,
+  0, /* No in-place operation. */
   (nettle_set_key_func*) siv_cmac_aes256_set_key,
   (nettle_set_key_func*) siv_cmac_aes256_set_key,
   (nettle_encrypt_message_func*) siv_cmac_aes256_encrypt_message,
diff --git a/testsuite/testutils.c b/testsuite/testutils.c
index 74059c53..3420ae9d 100644
--- a/testsuite/testutils.c
+++ b/testsuite/testutils.c
@@ -917,6 +917,9 @@ test_aead_message (const struct nettle_aead_message *aead,
 {
   void *ctx = xalloc (aead->context_size);
   uint8_t *buf = xalloc (cipher->length + 1);
+  uint8_t *copy = xalloc (cipher->length);
+
+  static const uint8_t nul = 0;
   int res;
 
   ASSERT (key->length == aead->key_size);
@@ -943,26 +946,7 @@ test_aead_message (const struct nettle_aead_message *aead,
       FAIL();
     }
   aead->set_decrypt_key (ctx, key->data);
-#if 0
-  /* First try in-place decrypt. FIXME: Not supported for SIV. */
-  res = aead->decrypt (ctx,
-		       nonce->length, nonce->data,
-		       adata->length, adata->data,
-		       clear->length, buf, buf);
-  if (!res)
-    {
-      fprintf (stderr, "in-place decrypting valid ciphertext failed:\n  ");
-      tstring_print_hex (cipher);
-    }
-  if (!MEMEQ (clear->length, clear->data, buf))
-    {
-      fprintf(stderr, "aead->decrypt (in place message) failed:\n  got: ");
-      print_hex (clear->length, buf);
-      fprintf (stderr, "  exp: ");
-      tstring_print_hex (clear);
-      FAIL();
-    }
-#endif
+
   memset (buf, 0xae, clear->length + 1);
 
   res = aead->decrypt (ctx,
@@ -993,39 +977,84 @@ test_aead_message (const struct nettle_aead_message *aead,
       fprintf (stderr, "Invalid message (truncated) not rejected\n");
       FAIL();
     }
-  memcpy (buf, cipher->data, cipher->length);
-  buf[0] ^= 4;
+  memcpy (copy, cipher->data, cipher->length);
+  copy[0] ^= 4;
   if (aead->decrypt (ctx,
 		     nonce->length, nonce->data,
 		     adata->length, adata->data,
-		     clear->length, buf, buf))
+		     clear->length, buf, copy))
     {
       fprintf (stderr, "Invalid message (first byte modified) not rejected\n");
       FAIL();
     }
 
-  memcpy (buf, cipher->data, cipher->length);
-  buf[cipher->length - 1] ^= 4;
+  memcpy (copy, cipher->data, cipher->length);
+  copy[cipher->length - 1] ^= 4;
   if (aead->decrypt (ctx,
 		     nonce->length, nonce->data,
 		     adata->length, adata->data,
-		     clear->length, buf, buf))
+		     clear->length, buf, copy))
     {
       fprintf (stderr, "Invalid message (last byte modified) not rejected\n");
       FAIL();
     }
 
-  memcpy (buf, adata->data, adata->length);
-  if (adata->length == 0)
-    buf[0] = 0;
   if (aead->decrypt (ctx,
 		     nonce->length, nonce->data,
-		     adata->length ? adata->length /* - 1 */ : 1, buf,
+		     adata->length > 0 ? adata->length - 1 : 1,
+		     adata->length > 0 ? adata->data : &nul,
 		     clear->length, buf, cipher->data))
     {
       fprintf (stderr, "Invalid adata not rejected\n");
       FAIL();
     }
+
+  /* Test in-place operation. NOTE: Not supported for SIV-CMAC. */
+  if (aead->supports_inplace)
+    {
+      aead->set_encrypt_key (ctx, key->data);
+      buf[cipher->length] = 0xae;
+
+      memcpy (buf, clear->data, clear->length);
+      aead->encrypt (ctx,
+		     nonce->length, nonce->data,
+		     adata->length, adata->data,
+		     cipher->length, buf, buf);
+      if (!MEMEQ (cipher->length, cipher->data, buf))
+	{
+	  fprintf(stderr, "aead->encrypt (in-place message) failed:\n  got: ");
+	  print_hex (cipher->length, buf);
+	  fprintf (stderr, "  exp: ");
+	  tstring_print_hex (cipher);
+	  FAIL();
+	}
+      if (buf[cipher->length] != 0xae)
+	{
+	  fprintf (stderr, "aead->encrypt (in-place message) wrote too much.\n ");
+	  FAIL();
+	}
+
+      res = aead->decrypt (ctx,
+			   nonce->length, nonce->data,
+			   adata->length, adata->data,
+			   clear->length, buf, buf);
+      if (!res)
+	{
+	  fprintf (stderr, "in-place decrypting valid ciphertext failed:\n  ");
+	  tstring_print_hex (cipher);
+	}
+      if (!MEMEQ (clear->length, clear->data, buf))
+	{
+	  fprintf(stderr, "aead->decrypt (in-place message) failed:\n  got: ");
+	  print_hex (clear->length, buf);
+	  fprintf (stderr, "  exp: ");
+	  tstring_print_hex (clear);
+	  FAIL();
+	}
+    }
+  free (ctx);
+  free (buf);
+  free (copy);
 }
 
 void
diff --git a/testsuite/testutils.h b/testsuite/testutils.h
index 7606cc3a..687bcd73 100644
--- a/testsuite/testutils.h
+++ b/testsuite/testutils.h
@@ -97,6 +97,7 @@ struct nettle_aead_message
   unsigned context_size;
   unsigned key_size;
   unsigned digest_size;
+  int supports_inplace;
   nettle_set_key_func *set_encrypt_key;
   nettle_set_key_func *set_decrypt_key;
   nettle_encrypt_message_func *encrypt;
author	Niels Möller <nisse@lysator.liu.se>	2023-04-23 19:59:54 +0200
committer	Niels Möller <nisse@lysator.liu.se>	2023-04-23 19:59:54 +0200
commit	a1056ebefcb2f256dfa66f11017a3c205438b1b4 (patch)
tree	b788fd3a65cf2572f5b9ac14c388d07e66ac4e4e
parent	e6563339b96ad2396bfcb1dfe88c1aeb15942281 (diff)
download	nettle-a1056ebefcb2f256dfa66f11017a3c205438b1b4.tar.gz