Revert "Workaround for GCM IV length issue"

This reverts commit d6606535ac51bb3e574312106088f3f15843536e.

Change-Id: Iac1edf23290c19d0866f06138a31f6181093ba92

diff --git a/src/manager/crypto/sw-backend/internals.cpp b/src/manager/crypto/sw-backend/internals.cpp
index 77d1252..75ba3e3 100644 (file)
--- a/src/manager/crypto/sw-backend/internals.cpp
+++ b/src/manager/crypto/sw-backend/internals.cpp
@@ -820,34 +820,21 @@ RawBuffer decryptDataAesGcm(
        const RawBuffer &tag,
        const RawBuffer &aad)
 {
-       RawBuffer result, tmp;
-
-       auto decrypt = [&](const RawBuffer &actualIv){
-               EvpCipherPtr dec;
-               selectCipher(AlgoType::AES_GCM, key.size(), false)(dec, key, actualIv);
-               void *ptr = (void *)tag.data();
+       EvpCipherPtr dec;
+       selectCipher(AlgoType::AES_GCM, key.size(), false)(dec, key, iv);
+       void *ptr = (void *)tag.data();
 
-               dec->Control(EVP_CTRL_GCM_SET_TAG, tag.size(), ptr);
+       dec->Control(EVP_CTRL_GCM_SET_TAG, tag.size(), ptr);
 
-               if (!aad.empty())
-                       dec->AppendAAD(aad);
-
-               result = dec->Append(data);
-               try {
-                       tmp = dec->Finalize();
-               } catch (const Exc::Exception &e) {
-                       ThrowErr(Exc::InputParam,
-                                "Tag authentication failed in AES finalize function (the tag doesn't match).");
-               }
-       };
+       if (!aad.empty())
+               dec->AppendAAD(aad);
 
+       RawBuffer result = dec->Append(data);
+       RawBuffer tmp;
        try {
-               decrypt(iv);
-       } catch (const Exc::InputParam &e) {
-               LogDebug("AES GCM decryption failed. Retry with default iv length.");
-               RawBuffer shortIv = iv;
-               shortIv.resize(Params::DEFAULT_AES_GCM_IV_LEN);
-               decrypt(shortIv);
+               tmp = dec->Finalize();
+       } catch (const Exc::Exception &e) {
+               ThrowErr(Exc::InputParam, "Tag authentication failed in AES finalize function (the tag doesn't match).");
        }
        std::copy(tmp.begin(), tmp.end(), std::back_inserter(result));
        return result;

diff --git a/unit-tests/test_sw-backend.cpp b/unit-tests/test_sw-backend.cpp
index 08bbdd4..a2a9b4c 100644 (file)
--- a/unit-tests/test_sw-backend.cpp
+++ b/unit-tests/test_sw-backend.cpp
@@ -675,44 +675,6 @@ NEGATIVE_TEST_CASE(symmetricEncryptDecryptGcm)
        BOOST_REQUIRE_THROW(key->decrypt(ca2, encrypted), Exc::Crypto::InputParam);
 }
 
-POSITIVE_TEST_CASE(gcmIvLengthScrewUpWorkaround)
-{
-       const auto key = generateAes(128);
-       const auto data = createRandom(128);
-       const auto iv = createRandom(Params::DEFAULT_AES_IV_LEN);
-       CryptoAlgorithm ca;
-       RawBuffer encrypted, decrypted;
-       auto shortIv = iv;
-       shortIv.resize(Params::DEFAULT_AES_GCM_IV_LEN);
-
-       ca.setParam(ParamName::ALGO_TYPE, AlgoType::AES_GCM);
-       ca.setParam(ParamName::ED_IV, shortIv);
-       ca.setParam(ParamName::ED_TAG_LEN, 128);
-
-       // encrypt with 12B IV
-       BOOST_REQUIRE_NO_THROW(encrypted = key->encrypt(ca, data));
-
-       // decrypt with 12B IV
-       BOOST_REQUIRE_NO_THROW(decrypted = key->decrypt(ca, encrypted));
-       BOOST_REQUIRE(decrypted == data);
-
-       // decrypt with 16B IV should also succeed (workaround)
-       ca.setParam(ParamName::ED_IV, iv);
-       BOOST_REQUIRE_NO_THROW(decrypted = key->decrypt(ca, encrypted));
-       BOOST_REQUIRE(decrypted == data);
-
-       // encrypt with 16B IV
-       BOOST_REQUIRE_NO_THROW(encrypted = key->encrypt(ca, data));
-
-       // decrypt with 16B IV
-       BOOST_REQUIRE_NO_THROW(decrypted = key->decrypt(ca, encrypted));
-       BOOST_REQUIRE(decrypted == data);
-
-       // decrypt with 12B IV should fail
-       ca.setParam(ParamName::ED_IV, shortIv);
-       BOOST_REQUIRE_THROW(key->decrypt(ca, encrypted), Exc::Crypto::InputParam);
-}
-
 NEGATIVE_TEST_CASE(symmetricEncryptDecryptCtr)
 {
        const auto key = generateAes(128);