2019-09-30 Niels Möller <nisse@lysator.liu.se>
* testsuite/siv-test.c (test_cipher_siv): Fix out-of-bounds read.
Trim allocation size for de_data, drop some uses of
SIV_DIGEST_SIZE, call FAIL for unexpected returned values.
(test_compare_results): Delete digest argument.
2019-09-15 Niels Möller <nisse@lysator.liu.se>
From Dmitry Eremin-Solenikov:
......
......@@ -234,7 +234,7 @@ void
ecc_mod_submul_1 (const struct ecc_modulo *m, mp_limb_t *rp,
const mp_limb_t *ap, mp_limb_t b);
/* NOTE: mul and sqr needs 2*ecc->size limbs at rp */
/* The mul and sqr functions need 2*m->size limbs at rp */
void
ecc_mod_mul (const struct ecc_modulo *m, mp_limb_t *rp,
const mp_limb_t *ap, const mp_limb_t *bp);
......@@ -281,9 +281,10 @@ ecc_a_to_j (const struct ecc_curve *ecc,
/* Converts a point P in jacobian coordinates into a point R in affine
coordinates. If op == 1, produce x coordinate only. If op == 2,
produce the x coordiante only, and in also it modulo q. FIXME: For
the public interface, have separate for the three cases, and use
this flag argument only for the internal ecc->h_to_a function. */
produce the x coordinate only, and also reduce it modulo q. FIXME:
For the public interface, have separate functions for the three
cases, and use this flag argument only for the internal ecc->h_to_a
function. */
void
ecc_j_to_a (const struct ecc_curve *ecc,
int op,
......
......@@ -63,22 +63,8 @@ test_compare_results(const char *name,
const struct tstring *e_cipher,
/* Actual results. */
const void *clear,
const void *cipher,
const void *digest) /* digest optional. */
const void *cipher)
{
if (digest && !MEMEQ(SIV_DIGEST_SIZE, e_cipher->data, digest))
{
fprintf(stderr, "%s digest failed:\nAdata:", name);
tstring_print_hex(adata);
fprintf(stderr, "\nInput: ");
tstring_print_hex(e_clear);
fprintf(stderr, "\nOutput: ");
print_hex(SIV_DIGEST_SIZE, digest);
fprintf(stderr, "\nExpected:");
print_hex(SIV_DIGEST_SIZE, e_cipher->data);
fprintf(stderr, "\n");
FAIL();
}
if (!MEMEQ(e_cipher->length, e_cipher->data, cipher))
{
fprintf(stderr, "%s: encryption failed\nAdata: ", name);
......@@ -127,7 +113,7 @@ test_cipher_siv(const char *name,
ASSERT (key->length == key_size);
ASSERT (cleartext->length + SIV_DIGEST_SIZE == ciphertext->length);
de_data = xalloc(cleartext->length+SIV_DIGEST_SIZE);
de_data = xalloc(cleartext->length);
en_data = xalloc(ciphertext->length);
/* Ensure we get the same answers using the all-in-one API. */
......@@ -137,37 +123,44 @@ test_cipher_siv(const char *name,
siv_set_key(ctx, key->data);
siv_encrypt(ctx, nonce->length, nonce->data,
authdata->length, authdata->data,
cleartext->length+SIV_DIGEST_SIZE, en_data, cleartext->data);
ciphertext->length, en_data, cleartext->data);
ret = siv_decrypt(ctx, nonce->length, nonce->data,
authdata->length, authdata->data,
cleartext->length, de_data, ciphertext->data);
if (ret != 1) fprintf(stderr, "siv_decrypt_message failed to validate message\n");
test_compare_results(name, authdata,
cleartext, ciphertext, de_data, en_data, NULL);
if (ret != 1)
{
fprintf(stderr, "siv_decrypt_message failed to validate message\n");
FAIL();
}
test_compare_results(name, authdata,
cleartext, ciphertext, de_data, en_data, en_data);
cleartext, ciphertext, de_data, en_data);
/* Ensure that we can detect corrupted message or tag data. */
en_data[0] ^= 1;
ret = siv_decrypt(ctx, nonce->length, nonce->data,
authdata->length, authdata->data,
ciphertext->length, de_data, en_data);
if (ret != 0) fprintf(stderr, "siv_decrypt_message failed to detect corrupted message\n");
cleartext->length, de_data, en_data);
if (ret != 0)
{
fprintf(stderr, "siv_decrypt_message failed to detect corrupted message\n");
FAIL();
}
/* Ensure we can detect corrupted adata. */
if (authdata->length) {
en_data[0] ^= 1;
ret = siv_decrypt(ctx, nonce->length, nonce->data,
authdata->length-1, authdata->data,
ciphertext->length, de_data, en_data);
if (ret != 0) fprintf(stderr, "siv_decrypt_message failed to detect corrupted message\n");
cleartext->length, de_data, en_data);
if (ret != 0)
{
fprintf(stderr, "siv_decrypt_message failed to detect corrupted message\n");
FAIL();
}
}
free(ctx);
free(en_data);
free(de_data);
......
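Review bot: The tamper check under "Ensure that we can detect corrupted message or tag data" flips only `en_data[0]`, so whichever of the two regions byte 0 belongs to, corruption of the other one is never exercised. A second pass that restores byte 0, flips `en_data[ciphertext->length - 1]` and expects `siv_decrypt` to return 0 again would cover both ends of the buffer. That index is in range as long as SIV_DIGEST_SIZE is non-zero, given the `ASSERT (cleartext->length + SIV_DIGEST_SIZE == ciphertext->length)` in the earlier hunk. Separately, the adata branch prints the same text as the message check; `"siv_decrypt_message failed to detect corrupted adata\n"` would make the two failures distinguishable in the test log. test_cipher_siv begins above these hunks, so this is based on the visible part of the function only.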