Test proper GCM IV length handling

GCM implementation was using only the first 12B of IV regardless of its
actual length. This modification makes the test check if the remaining
bytes of the IV are ignored.

Change-Id: I94281747bbe9363854484844fa038ae9bcd47a19

diff --git a/src/manager/crypto/generic-backend/crypto-params.h b/src/manager/crypto/generic-backend/crypto-params.h
index ae23fba..41a4461 100644 (file)
--- a/src/manager/crypto/generic-backend/crypto-params.h
+++ b/src/manager/crypto/generic-backend/crypto-params.h
@@ -27,6 +27,7 @@ class Params
 {
 public:
        static const size_t DEFAULT_AES_IV_LEN = 16; // max acceptable size of IV
+       static const size_t DEFAULT_AES_GCM_IV_LEN = 12; // default size of IV in GCM mode
        static const int DEFAULT_AES_GCM_TAG_LEN_BYTES = 16; // length of AES GCM tag
        static const int DEFAULT_AES_GCM_TAG_LEN_BITS = DEFAULT_AES_GCM_TAG_LEN_BYTES * 8;
        static const int DERIVED_KEY_LENGTH = 16; // length of AES key derived from password in bytes

diff --git a/unit-tests/test_sw-backend.cpp b/unit-tests/test_sw-backend.cpp
index 19879ae..7c6a760 100644 (file)
--- a/unit-tests/test_sw-backend.cpp
+++ b/unit-tests/test_sw-backend.cpp
@@ -645,9 +645,17 @@ NEGATIVE_TEST_CASE(symmetricEncryptDecryptGcm)
 
        // wrong iv
        auto wrongIv = iv;
-       wrongIv[0] ^= 0x1;
+       wrongIv[iv.size() - 1] ^= 0x1;
        ca2.setParam(ParamName::ED_IV, wrongIv);
        BOOST_REQUIRE_THROW(key->decrypt(ca2, encrypted), Exc::Crypto::InputParam);
+
+       // shortened iv
+       auto shortenedIv = iv;
+       static_assert(Params::DEFAULT_AES_GCM_IV_LEN < Params::DEFAULT_AES_IV_LEN);
+       shortenedIv.resize(Params::DEFAULT_AES_GCM_IV_LEN);
+       ca2.setParam(ParamName::ED_IV, shortenedIv);
+       BOOST_REQUIRE_THROW(key->decrypt(ca2, encrypted), Exc::Crypto::InputParam);
+
        ca2.setParam(ParamName::ED_IV, iv);
 
        // wrong ciphertext