From 61b910797b706b3e8494eb5841e4462bf1356125 Mon Sep 17 00:00:00 2001
From: Krzysztof Jackiewicz
Date: Tue, 23 May 2023 08:45:16 +0200
Subject: [PATCH] Test proper GCM IV length handling

GCM implementation was using only the first 12B of IV regardless of its actual length. This modification makes the test check if the remaining bytes of the IV are ignored.

Change-Id: I94281747bbe9363854484844fa038ae9bcd47a19
---
 src/manager/crypto/generic-backend/crypto-params.h | 1 +
 unit-tests/test_sw-backend.cpp | 10 +++++++++-
 2 files changed, 10 insertions(+), 1 deletion(-)

diff --git a/src/manager/crypto/generic-backend/crypto-params.h b/src/manager/crypto/generic-backend/crypto-params.h
index ae23fba..41a4461 100644
--- a/src/manager/crypto/generic-backend/crypto-params.h
+++ b/src/manager/crypto/generic-backend/crypto-params.h
@@ -27,6 +27,7 @@ class Params {
 public:
 static const size_t DEFAULT_AES_IV_LEN = 16; // max acceptable size of IV
+ static const size_t DEFAULT_AES_GCM_IV_LEN = 12; // default size of IV in GCM mode
 static const int DEFAULT_AES_GCM_TAG_LEN_BYTES = 16; // length of AES GCM tag
 static const int DEFAULT_AES_GCM_TAG_LEN_BITS = DEFAULT_AES_GCM_TAG_LEN_BYTES * 8;
 static const int DERIVED_KEY_LENGTH = 16; // length of AES key derived from password in bytes
diff --git a/unit-tests/test_sw-backend.cpp b/unit-tests/test_sw-backend.cpp
index 19879ae..7c6a760 100644
--- a/unit-tests/test_sw-backend.cpp
+++ b/unit-tests/test_sw-backend.cpp
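Review bot: The comment on the new `DEFAULT_AES_GCM_IV_LEN` line calls 12 a "default", but nothing in this commit uses it as a default; its only use is in the test, as the length of a truncated IV that must be rejected, so the comment should say what the constant denotes for this backend. A wording such as `// standard 96-bit GCM IV length; IVs up to DEFAULT_AES_IV_LEN are expected to be used in full, not cut to this` matches what the new test asserts, though the "used in full" part should be confirmed against the implementation rather than the test alone. Since the sibling constants are `static const` integral members rather than `constexpr`, any odr-use (for example binding to a const reference inside a comparison macro) would need an out-of-class definition; `static constexpr` avoids that and is implicitly inline under C++17 if the project builds with it.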
@@ -645,9 +645,17 @@ NEGATIVE_TEST_CASE(symmetricEncryptDecryptGcm)
 // wrong iv
 auto wrongIv = iv;
- wrongIv[0] ^= 0x1;
+ wrongIv[iv.size() - 1] ^= 0x1;
 ca2.setParam(ParamName::ED_IV, wrongIv);
 BOOST_REQUIRE_THROW(key->decrypt(ca2, encrypted), Exc::Crypto::InputParam);
+
+ // shortened iv
+ auto shortenedIv = iv;
+ static_assert(Params::DEFAULT_AES_GCM_IV_LEN < Params::DEFAULT_AES_IV_LEN);
+ shortenedIv.resize(Params::DEFAULT_AES_GCM_IV_LEN);
+ ca2.setParam(ParamName::ED_IV, shortenedIv);
+ BOOST_REQUIRE_THROW(key->decrypt(ca2, encrypted), Exc::Crypto::InputParam);
+ ca2.setParam(ParamName::ED_IV, iv);
 // wrong ciphertext
-- 
2.7.4
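Review bot: The `// shortened iv` case only proves something if `iv` is longer than `DEFAULT_AES_GCM_IV_LEN`, and the `static_assert` on the two header constants does not establish that; `iv` is built outside the hunk, and `resize()` would silently pad a shorter vector instead of truncating it, so add `BOOST_REQUIRE(iv.size() > Params::DEFAULT_AES_GCM_IV_LEN);` before the `resize` (a plain comparison also avoids odr-using the `static const` member). The single-argument `static_assert` form requires C++17; if the test target builds with an older standard it needs a message argument. A short comment on why both negative cases exist would help the next reader, e.g. `// a 16-byte IV must be consumed in full: flipping its last byte or dropping the bytes past the 12-byte prefix must both be rejected`, which is also the property that keeps two IVs differing only in their tail from acting as the same nonce under one key. The enclosing test case starts and ends outside the hunk.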