narenas
/
opengnsys_ipxe
mirror of https://github.com/ipxe/ipxe.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

[tests] Verify ability to reset cipher initialisation vector 

TLS relies upon the ability to reuse a cipher by resetting only the
initialisation vector while reusing the existing key.

Add verification of resetting the initialisation vector to the cipher
self-tests.

Signed-off-by: Michael Brown <mcb30@ipxe.org>
pull/801/head
Michael Brown 2022-11-09 16:14:42 +00:00
parent 63577207ab
commit 63fdd9b581
1 changed files with 38 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

38
src/tests/cipher_test.c
View File

@ -81,6 +81,25 @@ void cipher_encrypt_okx ( struct cipher_test *test, const char *file,
okx ( cipher->authsize == test->auth_len, file, line );
cipher_auth ( cipher, ctx, auth );
okx ( memcmp ( auth, test->auth, test->auth_len ) == 0, file, line );
/* Reset initialisation vector */
cipher_setiv ( cipher, ctx, test->iv, test->iv_len );
/* Process additional data, if applicable */
if ( test->additional_len ) {
cipher_encrypt ( cipher, ctx, test->additional, NULL,
test->additional_len );
}
/* Perform encryption */
cipher_encrypt ( cipher, ctx, test->plaintext, ciphertext, len );
/* Compare against expected ciphertext */
okx ( memcmp ( ciphertext, test->ciphertext, len ) == 0, file, line );
/* Check authentication tag */
cipher_auth ( cipher, ctx, auth );
okx ( memcmp ( auth, test->auth, test->auth_len ) == 0, file, line );
}
/**
@ -120,6 +139,25 @@ void cipher_decrypt_okx ( struct cipher_test *test, const char *file,
okx ( cipher->authsize == test->auth_len, file, line );
cipher_auth ( cipher, ctx, auth );
okx ( memcmp ( auth, test->auth, test->auth_len ) == 0, file, line );
/* Reset initialisation vector */
cipher_setiv ( cipher, ctx, test->iv, test->iv_len );
/* Process additional data, if applicable */
if ( test->additional_len ) {
cipher_decrypt ( cipher, ctx, test->additional, NULL,
test->additional_len );
}
/* Perform decryption */
cipher_decrypt ( cipher, ctx, test->ciphertext, plaintext, len );
/* Compare against expected plaintext */
okx ( memcmp ( plaintext, test->plaintext, len ) == 0, file, line );
/* Check authentication tag */
cipher_auth ( cipher, ctx, auth );
okx ( memcmp ( auth, test->auth, test->auth_len ) == 0, file, line );
}
/**