Use exact-size buffers for testing auth_xxcrypt()
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
This commit is contained in:
parent
f5cf71e14a
commit
9b2a78966f
1 changed files with 37 additions and 21 deletions
|
@ -1035,14 +1035,9 @@ void auth_crypt_tv( int cipher_id, data_t * key, data_t * iv,
|
|||
|
||||
#if !defined(MBEDTLS_DEPRECATED_WARNING) && \
|
||||
!defined(MBEDTLS_DEPRECATED_REMOVED)
|
||||
unsigned char output[300]; /* Temporary buffer for results of
|
||||
* encryption and decryption. */
|
||||
unsigned char *output_tag = NULL; /* Temporary buffer for tag in the
|
||||
* encryption step. */
|
||||
unsigned char *tmp_tag = NULL;
|
||||
unsigned char *tmp_cipher = NULL;
|
||||
|
||||
memset( output, 0xFF, sizeof( output ) );
|
||||
unsigned char *tag_buf = NULL;
|
||||
#endif /* !MBEDTLS_DEPRECATED_WARNING && !MBEDTLS_DEPRECATED_REMOVED */
|
||||
|
||||
mbedtls_cipher_init( &ctx );
|
||||
|
@ -1234,11 +1229,11 @@ void auth_crypt_tv( int cipher_id, data_t * key, data_t * iv,
|
|||
* Authenticate and decrypt, and check result
|
||||
*/
|
||||
|
||||
/* Sanity check that we don't use overly long inputs. */
|
||||
TEST_ASSERT( sizeof( output ) >= cipher->len );
|
||||
|
||||
/* We can't pass a NULL output buffer to this funciton */
|
||||
ASSERT_ALLOC( decrypt_buf, cipher->len ? cipher->len : 1 );
|
||||
outlen = 0;
|
||||
ret = mbedtls_cipher_auth_decrypt( &ctx, iv->x, iv->len, ad->x, ad->len,
|
||||
tmp_cipher, cipher->len, output, &outlen,
|
||||
tmp_cipher, cipher->len, decrypt_buf, &outlen,
|
||||
tmp_tag, tag->len );
|
||||
|
||||
if( using_nist_kw )
|
||||
|
@ -1257,9 +1252,14 @@ void auth_crypt_tv( int cipher_id, data_t * key, data_t * iv,
|
|||
TEST_ASSERT( ret == 0 );
|
||||
|
||||
TEST_ASSERT( outlen == clear->len );
|
||||
TEST_ASSERT( memcmp( output, clear->x, clear->len ) == 0 );
|
||||
TEST_ASSERT( memcmp( decrypt_buf, clear->x, clear->len ) == 0 );
|
||||
}
|
||||
|
||||
mbedtls_free( decrypt_buf );
|
||||
decrypt_buf = NULL;
|
||||
mbedtls_free( cipher_plus_tag );
|
||||
cipher_plus_tag = NULL;
|
||||
|
||||
/*
|
||||
* Encrypt back if test data was authentic
|
||||
*/
|
||||
|
@ -1269,19 +1269,31 @@ void auth_crypt_tv( int cipher_id, data_t * key, data_t * iv,
|
|||
cipher_reset_key( &ctx, cipher_id, use_psa, tag->len, key,
|
||||
MBEDTLS_ENCRYPT );
|
||||
|
||||
/* prepare buffers for encryption */
|
||||
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
||||
if( use_psa )
|
||||
{
|
||||
ASSERT_ALLOC( cipher_plus_tag, cipher->len + tag->len );
|
||||
tmp_cipher = cipher_plus_tag;
|
||||
tmp_tag = cipher_plus_tag + cipher->len;
|
||||
}
|
||||
else
|
||||
#endif /* MBEDTLS_USE_PSA_CRYPTO */
|
||||
{
|
||||
/* can't pass a NULL output buffer to this function */
|
||||
ASSERT_ALLOC( encrypt_buf, cipher->len ? cipher->len : 1 );
|
||||
ASSERT_ALLOC( tag_buf, tag->len );
|
||||
tmp_cipher = encrypt_buf;
|
||||
tmp_tag = tag_buf;
|
||||
}
|
||||
|
||||
/*
|
||||
* Encrypt and check the result
|
||||
*/
|
||||
memset( output, 0xFF, sizeof( output ) );
|
||||
outlen = 0;
|
||||
|
||||
/* Sanity check that we don't use overly long inputs. */
|
||||
TEST_ASSERT( sizeof( output ) >= clear->len + tag->len );
|
||||
|
||||
output_tag = output + clear->len;
|
||||
ret = mbedtls_cipher_auth_encrypt( &ctx, iv->x, iv->len, ad->x, ad->len,
|
||||
clear->x, clear->len, output, &outlen,
|
||||
output_tag, tag->len );
|
||||
clear->x, clear->len, tmp_cipher, &outlen,
|
||||
tmp_tag, tag->len );
|
||||
|
||||
if( using_nist_kw )
|
||||
{
|
||||
|
@ -1292,8 +1304,8 @@ void auth_crypt_tv( int cipher_id, data_t * key, data_t * iv,
|
|||
TEST_ASSERT( ret == 0 );
|
||||
|
||||
TEST_ASSERT( outlen == cipher->len );
|
||||
TEST_ASSERT( memcmp( output, cipher->x, cipher->len ) == 0 );
|
||||
TEST_ASSERT( memcmp( output_tag, tag->x, tag->len ) == 0 );
|
||||
TEST_ASSERT( memcmp( tmp_cipher, cipher->x, cipher->len ) == 0 );
|
||||
TEST_ASSERT( memcmp( tmp_tag, tag->x, tag->len ) == 0 );
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -1305,6 +1317,10 @@ exit:
|
|||
mbedtls_free( decrypt_buf );
|
||||
mbedtls_free( encrypt_buf );
|
||||
mbedtls_free( cipher_plus_tag );
|
||||
#if !defined(MBEDTLS_DEPRECATED_WARNING) && \
|
||||
!defined(MBEDTLS_DEPRECATED_REMOVED)
|
||||
mbedtls_free( tag_buf );
|
||||
#endif /* !MBEDTLS_DEPRECATED_WARNING && !MBEDTLS_DEPRECATED_REMOVED */
|
||||
|
||||
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
||||
if( use_psa == 1 )
|
||||
|
|
Loading…
Reference in a new issue