diff options
| author | Michael Brown <mcb30@ipxe.org> | 2022-11-09 16:14:42 +0000 |
|---|---|---|
| committer | Michael Brown <mcb30@ipxe.org> | 2022-11-09 16:54:13 +0000 |
| commit | 63fdd9b5816c752120c315c04c1d6878f3c13143 (patch) | |
| tree | c6afd7d0ab495f9f944ec3b694027f6288399a0b | |
| parent | 63577207ab95a53b29c1fa441be25ee15747bbe0 (diff) | |
| download | ipxe-63fdd9b5816c752120c315c04c1d6878f3c13143.zip ipxe-63fdd9b5816c752120c315c04c1d6878f3c13143.tar.gz ipxe-63fdd9b5816c752120c315c04c1d6878f3c13143.tar.bz2 | |
[tests] Verify ability to reset cipher initialisation vector
TLS relies upon the ability to reuse a cipher by resetting only the
initialisation vector while reusing the existing key.
Add verification of resetting the initialisation vector to the cipher
self-tests.
Signed-off-by: Michael Brown <mcb30@ipxe.org>
| -rw-r--r-- | src/tests/cipher_test.c | 38 |
1 files changed, 38 insertions, 0 deletions
diff --git a/src/tests/cipher_test.c b/src/tests/cipher_test.c index 2ead3c8..0d0eac1 100644 --- a/src/tests/cipher_test.c +++ b/src/tests/cipher_test.c @@ -81,6 +81,25 @@ void cipher_encrypt_okx ( struct cipher_test *test, const char *file, okx ( cipher->authsize == test->auth_len, file, line ); cipher_auth ( cipher, ctx, auth ); okx ( memcmp ( auth, test->auth, test->auth_len ) == 0, file, line ); + + /* Reset initialisation vector */ + cipher_setiv ( cipher, ctx, test->iv, test->iv_len ); + + /* Process additional data, if applicable */ + if ( test->additional_len ) { + cipher_encrypt ( cipher, ctx, test->additional, NULL, + test->additional_len ); + } + + /* Perform encryption */ + cipher_encrypt ( cipher, ctx, test->plaintext, ciphertext, len ); + + /* Compare against expected ciphertext */ + okx ( memcmp ( ciphertext, test->ciphertext, len ) == 0, file, line ); + + /* Check authentication tag */ + cipher_auth ( cipher, ctx, auth ); + okx ( memcmp ( auth, test->auth, test->auth_len ) == 0, file, line ); } /** @@ -120,6 +139,25 @@ void cipher_decrypt_okx ( struct cipher_test *test, const char *file, okx ( cipher->authsize == test->auth_len, file, line ); cipher_auth ( cipher, ctx, auth ); okx ( memcmp ( auth, test->auth, test->auth_len ) == 0, file, line ); + + /* Reset initialisation vector */ + cipher_setiv ( cipher, ctx, test->iv, test->iv_len ); + + /* Process additional data, if applicable */ + if ( test->additional_len ) { + cipher_decrypt ( cipher, ctx, test->additional, NULL, + test->additional_len ); + } + + /* Perform decryption */ + cipher_decrypt ( cipher, ctx, test->ciphertext, plaintext, len ); + + /* Compare against expected plaintext */ + okx ( memcmp ( plaintext, test->plaintext, len ) == 0, file, line ); + + /* Check authentication tag */ + cipher_auth ( cipher, ctx, auth ); + okx ( memcmp ( auth, test->auth, test->auth_len ) == 0, file, line ); } /** |