diff options
| author | Jack Lloyd <[email protected]> | 2018-09-29 06:39:03 -0400 |
|---|---|---|
| committer | Jack Lloyd <[email protected]> | 2018-09-29 20:59:34 -0400 |
| commit | bdc32a98b97c97145054edfa217569351ff41baa (patch) | |
| tree | 464bde438661b6e10f0355286e1eb0c68ef68217 /src/lib/modes | |
| parent | d213317da6065e3c1a149fac33fd16db500b60f6 (diff) | |
Refactor mode tests, and correct bugs found
Several problems in CBC found by adding tests
- If you set a key, then set a nonce, then set a new key,
you could encrypt without setting a new nonce.
- It was possible to call CBC finish without setting a nonce,
which would crash.
- If you had an CBC decryption object, set a key, set a nonce, then
reset message state, it should throw because no nonce is set.
Instead it would carry on using an all-zero nonce.
Disable CommonCrypto with PKCS7 padding as it seems to have some
problem that I cannot figure out from the build logs.
This work sponsored by Ribose Inc
Diffstat (limited to 'src/lib/modes')
| -rw-r--r-- | src/lib/modes/cbc/cbc.cpp | 8 |
1 files changed, 7 insertions, 1 deletions
diff --git a/src/lib/modes/cbc/cbc.cpp b/src/lib/modes/cbc/cbc.cpp index 76b78e4f6..c01fc4328 100644 --- a/src/lib/modes/cbc/cbc.cpp +++ b/src/lib/modes/cbc/cbc.cpp @@ -2,6 +2,7 @@ * CBC Mode * (C) 1999-2007,2013,2017 Jack Lloyd * (C) 2016 Daniel Neus, Rohde & Schwarz Cybersecurity +* (C) 2018 Ribose Inc * * Botan is released under the Simplified BSD License (see license.txt) */ @@ -65,6 +66,7 @@ bool CBC_Mode::valid_nonce_length(size_t n) const void CBC_Mode::key_schedule(const uint8_t key[], size_t length) { m_cipher->set_key(key, length); + m_state.clear(); } void CBC_Mode::start_msg(const uint8_t nonce[], size_t nonce_len) @@ -124,6 +126,7 @@ size_t CBC_Encryption::process(uint8_t buf[], size_t sz) void CBC_Encryption::finish(secure_vector<uint8_t>& buffer, size_t offset) { + BOTAN_STATE_CHECK(state().empty() == false); BOTAN_ASSERT(buffer.size() >= offset, "Offset is sane"); const size_t BS = block_size(); @@ -155,6 +158,7 @@ size_t CTS_Encryption::output_length(size_t input_length) const void CTS_Encryption::finish(secure_vector<uint8_t>& buffer, size_t offset) { + BOTAN_STATE_CHECK(state().empty() == false); BOTAN_ASSERT(buffer.size() >= offset, "Offset is sane"); uint8_t* buf = buffer.data() + offset; const size_t sz = buffer.size() - offset; @@ -237,6 +241,7 @@ size_t CBC_Decryption::process(uint8_t buf[], size_t sz) void CBC_Decryption::finish(secure_vector<uint8_t>& buffer, size_t offset) { + BOTAN_STATE_CHECK(state().empty() == false); BOTAN_ASSERT(buffer.size() >= offset, "Offset is sane"); const size_t sz = buffer.size() - offset; @@ -257,7 +262,7 @@ void CBC_Decryption::finish(secure_vector<uint8_t>& buffer, size_t offset) void CBC_Decryption::reset() { - zeroise(state()); + CBC_Mode::reset(); zeroise(m_tempbuf); } @@ -273,6 +278,7 @@ size_t CTS_Decryption::minimum_final_size() const void CTS_Decryption::finish(secure_vector<uint8_t>& buffer, size_t offset) { + BOTAN_STATE_CHECK(state().empty() == false); BOTAN_ASSERT(buffer.size() >= offset, "Offset is sane"); const size_t sz = buffer.size() - offset; uint8_t* buf = buffer.data() + offset; |