From: Krzysztof Jackiewicz
Date: Tue, 23 May 2023 06:45:16 +0000 (+0200)
Subject: Test proper GCM IV length handling
X-Git-Tag: accepted/tizen/6.0/unified/20230621.004733~1^2~18
X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=61b910797b706b3e8494eb5841e4462bf1356125;p=platform%2Fcore%2Fsecurity%2Fkey-manager.git

Test proper GCM IV length handling

GCM implementation was using only the first 12B of IV regardless of its actual length. This modification makes the test check if the remaining bytes of the IV are ignored.

Change-Id: I94281747bbe9363854484844fa038ae9bcd47a19
---

diff --git a/src/manager/crypto/generic-backend/crypto-params.h b/src/manager/crypto/generic-backend/crypto-params.h
index ae23fba..41a4461 100644
--- a/src/manager/crypto/generic-backend/crypto-params.h
+++ b/src/manager/crypto/generic-backend/crypto-params.h
@@ -27,6 +27,7 @@ class Params {
 public:
 static const size_t DEFAULT_AES_IV_LEN = 16; // max acceptable size of IV
+ static const size_t DEFAULT_AES_GCM_IV_LEN = 12; // default size of IV in GCM mode
 static const int DEFAULT_AES_GCM_TAG_LEN_BYTES = 16; // length of AES GCM tag
 static const int DEFAULT_AES_GCM_TAG_LEN_BITS = DEFAULT_AES_GCM_TAG_LEN_BYTES * 8;
 static const int DERIVED_KEY_LENGTH = 16; // length of AES key derived from password in bytes
diff --git a/unit-tests/test_sw-backend.cpp b/unit-tests/test_sw-backend.cpp
index 19879ae..7c6a760 100644
--- a/unit-tests/test_sw-backend.cpp
+++ b/unit-tests/test_sw-backend.cpp
@@ -645,9 +645,17 @@ NEGATIVE_TEST_CASE(symmetricEncryptDecryptGcm) // wrong iv auto wrongIv = iv; - wrongIv[0] ^= 0x1; + wrongIv[iv.size() - 1] ^= 0x1; ca2.setParam(ParamName::ED_IV, wrongIv); BOOST_REQUIRE_THROW(key->decrypt(ca2, encrypted), Exc::Crypto::InputParam); + + // shortened iv + auto shortenedIv = iv; + static_assert(Params::DEFAULT_AES_GCM_IV_LEN < Params::DEFAULT_AES_IV_LEN); + shortenedIv.resize(Params::DEFAULT_AES_GCM_IV_LEN); + ca2.setParam(ParamName::ED_IV, shortenedIv); + BOOST_REQUIRE_THROW(key->decrypt(ca2, encrypted), Exc::Crypto::InputParam); + ca2.setParam(ParamName::ED_IV, iv); // wrong ciphertext
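Review bot: The last-byte flip and the shortened-IV case both assume that `iv` is longer than 12 bytes at run time, but the `static_assert` only compares the two `Params` constants and says nothing about the vector the test actually uses. `iv` is created outside this hunk; if it were ever 12 bytes or shorter, `wrongIv[iv.size() - 1]` would flip a byte inside the first 12 bytes and `resize` would not truncate anything, so the checks would no longer target the trailing IV bytes this commit is meant to cover. A runtime guard placed before the `// wrong iv` block, `BOOST_REQUIRE(iv.size() > Params::DEFAULT_AES_GCM_IV_LEN);`, would pin that assumption. The test case body starts and ends outside the hunk.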