Handle setting AD after a nonce correctly in AEADs

In some cases (EAX, GCM, ChaCha20Poly1305) the mode does not handle this. However previously it handled it incorrectly by producing incorrect output. Instead reject it with an exception. Add a test that, if the mode accepts an AD before the nonce, then it must process the message correctly. This is similar to the existing test that if the mode accepts an AD before the key is set it must do the right thing with it.
author: Jack Lloyd <[email protected]> 2018-10-31 11:15:57 -0400
committer: Jack Lloyd <[email protected]> 2018-10-31 11:15:57 -0400
commit: 22448d46f7c831598beee2286af88ac675d84aed (patch)
tree: 9c67766f7f5b078170979bad2e688a22266ac2ba /src/tests
parent: 6c2b09874b5e5d290f9764dc7ef31b45a16513eb (diff)
1 files changed, 29 insertions, 4 deletions
diff --git a/src/tests/test_aead.cpp b/src/tests/test_aead.cpp
index 003f7c886..c31eaecdf 100644
--- a/src/tests/test_aead.cpp
+++ b/src/tests/test_aead.cpp
@@ -70,10 +70,24 @@ class AEAD_Tests final : public Text_Based_Test
          // reset message specific state
          enc->reset();
 
-         // now try to encrypt with correct values
-         enc->set_ad(ad);
+         /*
+         Now try to set the AD *after* setting the nonce
+         For some modes this works, for others it does not.
+         */
          enc->start(nonce);
 
+         try
+            {
+            enc->set_ad(ad);
+            }
+         catch(Botan::Invalid_State&)
+            {
+            // ad after setting nonce rejected, in this case we need to reset
+            enc->reset();
+            enc->set_ad(ad);
+            enc->start(nonce);
+            }
+
          Botan::secure_vector<uint8_t> buf(input.begin(), input.end());
 
          // have to check here first if input is empty if not we can test update() and eventually process()
@@ -221,8 +235,19 @@ class AEAD_Tests final : public Text_Based_Test
          try
             {
             // now try to decrypt with correct values
-            dec->set_ad(ad);
-            dec->start(nonce);
+
+            try
+               {
+               dec->start(nonce);
+               dec->set_ad(ad);
+               }
+            catch(Botan::Invalid_State&)
+               {
+               // ad after setting nonce rejected, in this case we need to reset
+               dec->reset();
+               dec->set_ad(ad);
+               dec->start(nonce);
+            }
 
             // test finish() with full input
             dec->finish(buf);
author	Jack Lloyd <[email protected]>	2018-10-31 11:15:57 -0400
committer	Jack Lloyd <[email protected]>	2018-10-31 11:15:57 -0400
commit	22448d46f7c831598beee2286af88ac675d84aed (patch)
tree	9c67766f7f5b078170979bad2e688a22266ac2ba /src/tests
parent	6c2b09874b5e5d290f9764dc7ef31b45a16513eb (diff)