Fix all accidentally valid padding cases in tests 95/250795/2 accepted/tizen/unified/20210111.024859 submit/tizen/20210108.104941
authorKrzysztof Jackiewicz <k.jackiewicz@samsung.com>
Mon, 4 Jan 2021 10:31:18 +0000 (11:31 +0100)
committerKrzysztof Jackiewicz <k.jackiewicz@samsung.com>
Mon, 4 Jan 2021 19:37:22 +0000 (20:37 +0100)
Another occasionally failing test has been observed. The reason was
again a correctly padded buffer generated during decryption with
invalid parameters. Statistically, this may happen in more than 1 per
256 cases and is an expected behavior when different key, iv, bcm or
ciphertext is used during decryption.

Hopefully all remaining cases related to accidentally valid padding
have been fixed by adding a length check if padding was ok.

Helper function added.

Verify by running T303 and T604 in a loop.
while true; do yaca-unit-tests -t <GROUP>/<TEST> 2>&1 | grep fatal; done

Change-Id: I90c0d1322745de6341a8df13c83f9a34f6694fbe

tests/common.cpp
tests/common.h
tests/test_encrypt.cpp
tests/test_simple.cpp

index 04c2779ddc12cd13937c86f0cdbb719b7da795a5..f358fcbae731a86bd8a23a5cbeb8490485e4a4ae 100644 (file)
@@ -1,5 +1,5 @@
 /*
- *  Copyright (c) 2020 Samsung Electronics Co., Ltd All Rights Reserved
+ *  Copyright (c) 2020 - 2021 Samsung Electronics Co., Ltd All Rights Reserved
  *
  *  Contact: Lukasz Pawelczyk <l.pawelczyk@samsung.com>
  *
@@ -205,3 +205,11 @@ void call_update_loop(yaca_context_h ctx, const char *input, size_t input_len,
                        part = left;
        }
 }
+
+void decrypt_check(int ret, size_t actual_len, size_t expected_len)
+{
+       if (ret != YACA_ERROR_INVALID_PARAMETER) {
+               BOOST_REQUIRE(ret == YACA_ERROR_NONE);
+               BOOST_REQUIRE(actual_len != expected_len);
+       }
+}
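Review bot: The fallback `BOOST_REQUIRE(actual_len != expected_len)` in decrypt_check only holds if the original plaintext ends in more than a byte or two of padding, and that assumption is not written down anywhere. The header comment suggests PKCS#7-style padding; under that scheme a wrong-key decryption that happens to reproduce the original pad bytes yields exactly expected_len, with a probability of roughly 256^-k for an original pad of k bytes. INPUT_DATA_SIZE is defined outside this diff, so I cannot tell which case applies: if it is a multiple of the cipher block size the collision is negligible, otherwise the T303/T604 call sites may keep failing occasionally. I would add a comment above the length check such as `/* Relies on expected_len being a multiple of the cipher block size, so an equal-length result needs a full block of valid padding. */`.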
index eafeb79aa6fd03ca06cd33afe38fc7c4d3cbf76e..45f9f8e2a28607a01bf6fb761f9ff13cae02c903 100644 (file)
@@ -1,5 +1,5 @@
 /*
- *  Copyright (c) 2020 Samsung Electronics Co., Ltd All Rights Reserved
+ *  Copyright (c) 2020 - 2021 Samsung Electronics Co., Ltd All Rights Reserved
  *
  *  Contact: Lukasz Pawelczyk <l.pawelczyk@samsung.com>
  *
@@ -136,5 +136,11 @@ void call_mock_test(func F)
        }
 }
 
+/*
+ * There's a quite high (over 1/256) chance that the decryption with wrong key, bcm, iv or
+ * ciphertext will create a correctly padded buffer (e.g. last byte equal to 0x01). In such case we
+ * expect that the length of the decrypted buffer will not match the original one.
+ */
+void decrypt_check(int ret, size_t actual_len, size_t expected_len);
 
 #endif /* COMMON_H */
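Review bot: The comment above the decrypt_check declaration explains the probability but not the helper's contract or what it implies for users of the API. I would state that the check passes on `YACA_ERROR_INVALID_PARAMETER`, or on `YACA_ERROR_NONE` with `actual_len != expected_len`. I would also add a sentence like `Padding validity is not an integrity check: unauthenticated modes such as CBC can return YACA_ERROR_NONE for a wrong key or modified ciphertext.` so readers do not take these negative tests as proof of tamper detection.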
index 810c8370826d770b0d8f90f46b2ab05fc2c7fc4e..726f4cf15f70ed78e6e7144b24567f1d06678cb5 100644 (file)
@@ -1,5 +1,5 @@
 /*
- *  Copyright (c) 2020 Samsung Electronics Co., Ltd All Rights Reserved
+ *  Copyright (c) 2020 - 2021 Samsung Electronics Co., Ltd All Rights Reserved
  *
  *  Contact: Lukasz Pawelczyk <l.pawelczyk@samsung.com>
  *
@@ -710,7 +710,7 @@ BOOST_FIXTURE_TEST_CASE(T604__negative__encrypt_decrypt, InitDebugFixture)
                decrypted_len = written;
 
                ret = yaca_decrypt_finalize(ctx, decrypted + decrypted_len, &written);
-               BOOST_REQUIRE(ret == YACA_ERROR_INVALID_PARAMETER);
+               decrypt_check(ret, decrypted_len + written, INPUT_DATA_SIZE);
 
                yaca_context_destroy(ctx);
                ctx = YACA_CONTEXT_NULL;
@@ -735,16 +735,7 @@ BOOST_FIXTURE_TEST_CASE(T604__negative__encrypt_decrypt, InitDebugFixture)
                decrypted_len = written;
 
                ret = yaca_decrypt_finalize(ctx, decrypted + decrypted_len, &written);
-               if (ret != YACA_ERROR_INVALID_PARAMETER) {
-                       /*
-                        * There's a quite high (over 1/256) chance that the decryption with key2 will create
-                        * a correctly padded buffer (e.g. last byte equal to 0x01). In such case we expect that
-                        * the length of the decrypted buffer will not match the original one.
-                        */
-
-                       BOOST_REQUIRE(ret == YACA_ERROR_NONE);
-                       BOOST_REQUIRE(decrypted_len + written != INPUT_DATA_SIZE);
-               }
+               decrypt_check(ret, decrypted_len + written, INPUT_DATA_SIZE);
 
                yaca_context_destroy(ctx);
                ctx = YACA_CONTEXT_NULL;
@@ -772,7 +763,7 @@ BOOST_FIXTURE_TEST_CASE(T604__negative__encrypt_decrypt, InitDebugFixture)
                decrypted_len = written;
 
                ret = yaca_decrypt_finalize(ctx, decrypted + decrypted_len, &written);
-               BOOST_REQUIRE(ret == YACA_ERROR_INVALID_PARAMETER);
+               decrypt_check(ret, decrypted_len + written, INPUT_DATA_SIZE);
 
                yaca_context_destroy(ctx);
                ctx = YACA_CONTEXT_NULL;
index 6c6478837cab28598d237e21609a989cd349e30d..e218cbf39f5f14bb16c78581e7fd28452b9d1ace 100644 (file)
@@ -1,5 +1,5 @@
 /*
- *  Copyright (c) 2020 Samsung Electronics Co., Ltd All Rights Reserved
+ *  Copyright (c) 2020 - 2021 Samsung Electronics Co., Ltd All Rights Reserved
  *
  *  Contact: Lukasz Pawelczyk <l.pawelczyk@samsung.com>
  *
@@ -251,7 +251,7 @@ BOOST_FIXTURE_TEST_CASE(T303__negative__simple_encrypt_decrypt, InitDebugFixture
        ret = yaca_simple_decrypt(YACA_ENCRYPT_AES, YACA_BCM_CBC, sym2, iv,
                                                          encrypted, encrypted_len,
                                                          &decrypted, &decrypted_len);
-       BOOST_REQUIRE(ret == YACA_ERROR_INVALID_PARAMETER);
+       decrypt_check(ret, decrypted_len, INPUT_DATA_SIZE);
 
        ret = yaca_simple_decrypt(YACA_ENCRYPT_AES, YACA_BCM_CBC, sym, iv2,
                                                          encrypted, encrypted_len,
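Review bot: Now that `YACA_ERROR_NONE` is an accepted outcome at `decrypt_check(ret, decrypted_len, INPUT_DATA_SIZE);`, the buffer returned through `&decrypted` on that path is not released before the next `yaca_simple_decrypt(..., &decrypted, &decrypted_len)` overwrites the pointer. This leaks in the accidental-success runs and will surface under a leak checker; adding `if (ret == YACA_ERROR_NONE) { yaca_free(decrypted); decrypted = NULL; }` after the check would cover it. The same applies to the second T303 hunk (the call before `yaca_key_destroy(sym)`), unless cleanup outside the hunk already frees it. Separately, `decrypted_len` is read at the call even when decryption failed, so it should be initialised before the first call; the test body starts outside this hunk, so I cannot confirm that it is.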
@@ -273,7 +273,7 @@ BOOST_FIXTURE_TEST_CASE(T303__negative__simple_encrypt_decrypt, InitDebugFixture
        ret = yaca_simple_decrypt(YACA_ENCRYPT_AES, YACA_BCM_CBC, sym, iv,
                                                          encrypted, encrypted_len,
                                                          &decrypted, &decrypted_len);
-       BOOST_REQUIRE(ret == YACA_ERROR_INVALID_PARAMETER);
+       decrypt_check(ret, decrypted_len, INPUT_DATA_SIZE);
 
        yaca_key_destroy(sym);
        yaca_key_destroy(sym2);