The GCM implementation was using only the first 12 bytes of the IV regardless
of its actual length. This change makes the test check whether the remaining
bytes of the IV are ignored.
Change-Id: I94281747bbe9363854484844fa038ae9bcd47a19
{
public:
static const size_t DEFAULT_AES_IV_LEN = 16; // max acceptable size of IV
{
public:
static const size_t DEFAULT_AES_IV_LEN = 16; // max acceptable size of IV
+ static const size_t DEFAULT_AES_GCM_IV_LEN = 12; // default size of IV in GCM mode
static const int DEFAULT_AES_GCM_TAG_LEN_BYTES = 16; // length of AES GCM tag
static const int DEFAULT_AES_GCM_TAG_LEN_BITS = DEFAULT_AES_GCM_TAG_LEN_BYTES * 8;
static const int DERIVED_KEY_LENGTH = 16; // length of AES key derived from password in bytes
static const int DEFAULT_AES_GCM_TAG_LEN_BYTES = 16; // length of AES GCM tag
static const int DEFAULT_AES_GCM_TAG_LEN_BITS = DEFAULT_AES_GCM_TAG_LEN_BYTES * 8;
static const int DERIVED_KEY_LENGTH = 16; // length of AES key derived from password in bytes
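Review bot: The comment on the new `DEFAULT_AES_GCM_IV_LEN` does not say how the constant relates to `DEFAULT_AES_IV_LEN`, whose comment calls 16 the maximum acceptable IV size. 12 bytes (96 bits) is the IV length NIST SP 800-38D recommends for GCM and the only length used directly as the initial counter block. Any other length is run through GHASH first, so a 16-byte IV and its 12-byte prefix are different IVs. A comment such as `// 96-bit IV length recommended for GCM (NIST SP 800-38D); longer IVs must be processed in full, never truncated to this` would record why the constant exists. The enclosing class starts and ends outside the hunk.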
// wrong iv
auto wrongIv = iv;
// wrong iv
auto wrongIv = iv;
+ wrongIv[iv.size() - 1] ^= 0x1;
ca2.setParam(ParamName::ED_IV, wrongIv);
BOOST_REQUIRE_THROW(key->decrypt(ca2, encrypted), Exc::Crypto::InputParam);
ca2.setParam(ParamName::ED_IV, wrongIv);
BOOST_REQUIRE_THROW(key->decrypt(ca2, encrypted), Exc::Crypto::InputParam);
+
+ // shortened iv
+ auto shortenedIv = iv;
+ static_assert(Params::DEFAULT_AES_GCM_IV_LEN < Params::DEFAULT_AES_IV_LEN);
+ shortenedIv.resize(Params::DEFAULT_AES_GCM_IV_LEN);
+ ca2.setParam(ParamName::ED_IV, shortenedIv);
+ BOOST_REQUIRE_THROW(key->decrypt(ca2, encrypted), Exc::Crypto::InputParam);
+
ca2.setParam(ParamName::ED_IV, iv);
// wrong ciphertext
ca2.setParam(ParamName::ED_IV, iv);
// wrong ciphertext
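Review bot: The shortened-IV assertion cannot distinguish a tag mismatch from an outright rejection of a 12-byte IV, because the wrong-IV case just above it already expects `Exc::Crypto::InputParam` for a failed decryption. If `decrypt()` also reports IV-length validation errors with that type (not visible here), the check would pass without exercising the truncation bug described in the commit message. A companion check would pin the behaviour directly: encrypt the same plaintext under `shortenedIv` and require the result to differ from `encrypted`. The encrypt call is outside this hunk, so its exact form is left to the author. The flipped byte also deserves a comment, for example `// flip a byte past the first 12, which the old implementation ignored`, and indexing with `wrongIv.size() - 1` rather than `iv.size() - 1` keeps the expression tied to the buffer being modified. The test function starts and ends outside the hunk.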