Diffstat (limited to 'src')
-rw-r--r-- | src/lib/tls/tls_cbc/tls_cbc.cpp | 13 | ||||
-rw-r--r-- | src/lib/tls/tls_cbc/tls_cbc.h | 8 | ||||
-rw-r--r-- | src/tests/data/tls_cbc.vec | 36 | ||||
-rw-r--r-- | src/tests/test_tls_cbc.cpp | 40 |
4 files changed, 88 insertions, 9 deletions
diff --git a/src/lib/tls/tls_cbc/tls_cbc.cpp b/src/lib/tls/tls_cbc/tls_cbc.cpp index 69aa9725d..e0e631cc7 100644 --- a/src/lib/tls/tls_cbc/tls_cbc.cpp +++ b/src/lib/tls/tls_cbc/tls_cbc.cpp @@ -211,9 +211,6 @@ void TLS_CBC_HMAC_AEAD_Encryption::finish(secure_vector<uint8_t>& buffer, size_t } } -namespace { - - /* * Checks the TLS padding. Returns 0 if the padding is invalid (we * count the padding_length field as part of the padding size so a @@ -225,7 +222,7 @@ namespace { * Returning 0 in the error case should ensure the MAC check will fail. * This approach is suggested in section 6.2.3.2 of RFC 5246. */ -uint16_t check_tls_padding(const uint8_t record[], size_t record_len) +uint16_t check_tls_cbc_padding(const uint8_t record[], size_t record_len) { /* * TLS v1.0 and up require all the padding bytes be the same value @@ -246,8 +243,6 @@ uint16_t check_tls_padding(const uint8_t record[], size_t record_len) return CT::select<uint16_t>(pad_invalid_mask, 0, pad_byte + 1); } -} - void TLS_CBC_HMAC_AEAD_Decryption::cbc_decrypt_record(uint8_t record_contents[], size_t record_len) { BOTAN_ASSERT(record_len % block_size() == 0, @@ -315,7 +310,7 @@ size_t TLS_CBC_HMAC_AEAD_Decryption::output_length(size_t) const * no compressions are performed. * * Note that the padding validation in Botan is always performed over -* min(plen,256) bytes, see the function check_tls_padding. This differs +* min(plen,256) bytes, see the function check_tls_cbc_padding. This differs * from the countermeasure described in the paper. * * Note that the padding length padlen does also count the last byte 
@@ -406,7 +401,7 @@ void TLS_CBC_HMAC_AEAD_Decryption::finish(secure_vector<uint8_t>& buffer, size_t cbc_decrypt_record(record_contents, enc_size); // 0 if padding was invalid, otherwise 1 + padding_bytes - uint16_t pad_size = check_tls_padding(record_contents, enc_size); + uint16_t pad_size = check_tls_cbc_padding(record_contents, enc_size); // No oracle here, whoever sent us this had the key since MAC check passed if(pad_size == 0) @@ -426,7 +421,7 @@ void TLS_CBC_HMAC_AEAD_Decryption::finish(secure_vector<uint8_t>& buffer, size_t CT::poison(record_contents, record_len); // 0 if padding was invalid, otherwise 1 + padding_bytes - uint16_t pad_size = check_tls_padding(record_contents, record_len); + uint16_t pad_size = check_tls_cbc_padding(record_contents, record_len); /* This mask is zero if there is not enough room in the packet to get a valid MAC. diff --git a/src/lib/tls/tls_cbc/tls_cbc.h b/src/lib/tls/tls_cbc/tls_cbc.h index d0fc1fb61..f09e0ad39 100644 --- a/src/lib/tls/tls_cbc/tls_cbc.h +++ b/src/lib/tls/tls_cbc/tls_cbc.h @@ -166,6 +166,14 @@ class BOTAN_TEST_API TLS_CBC_HMAC_AEAD_Decryption final : public TLS_CBC_HMAC_AE void perform_additional_compressions(size_t plen, size_t padlen); }; +/** +* Check the TLS padding of a record +* @param record the record bits +* @param record_len length of record +* @return 0 if padding is invalid, otherwise padding_bytes + 1 +*/ +BOTAN_TEST_API uint16_t check_tls_cbc_padding(const uint8_t record[], size_t record_len); + } } diff --git a/src/tests/data/tls_cbc.vec b/src/tests/data/tls_cbc.vec new file mode 100644 index 000000000..51153bb10 --- /dev/null +++ b/src/tests/data/tls_cbc.vec 
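Review bot: The doc comment added for `check_tls_cbc_padding` in tls_cbc.h documents only the return value and omits the contract callers depend on. The comment above the definition in tls_cbc.cpp says a 0 result is meant to make the later MAC check fail, and the visible return goes through `CT::select`, so the function is evidently intended to run without branching on record contents. Now that the symbol is exported with `BOTAN_TEST_API`, I would add a line such as `* Constant time. Returns 0 on invalid padding so that the following MAC check fails; do not branch on the result before the MAC has been verified.` The comment is also silent on `record_len == 0`. The body is outside these hunks, so if it reads the last byte unconditionally that precondition should be documented or asserted.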
@@ -0,0 +1,36 @@ + +Record = 00 +Output = 1 + +Record = 0101 +Output = 2 + +Record = 0201 +Output = 0 + +Record = 09030303 +Output = 0 + +Record = 0903030303 +Output = 4 + +Record = FFFFFFFFFFFFFFFFFF03030303 +Output = 4 + +Record = FFFFFF00 +Output = 1 + +Record = FFFFFF01010101 +Output = 2 + +Record = FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF00 +Output = 1 + +Record = FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF090909090909090909090909 +Output = 10 + +Record = 
 @                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                             
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                               
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                
                                                                                                                                                QEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQE +Output = 256 + +Record =  @                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                               
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                           QEMQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQE +Output = 0 diff --git a/src/tests/test_tls_cbc.cpp b/src/tests/test_tls_cbc.cpp new file mode 100644 index 000000000..5ff242806 --- /dev/null +++ b/src/tests/test_tls_cbc.cpp 
@@ -0,0 +1,40 @@
+/*
+* (C) 2017 Jack Lloyd
+*
+* Botan is released under the Simplified BSD License (see license.txt)
+*/
+
+#include "tests.h"
+
+#if defined(BOTAN_HAS_TLS_CBC)
+ #include <botan/internal/tls_cbc.h>
+#endif
+
+namespace Botan_Tests {
+
+#if defined(BOTAN_HAS_TLS_CBC)
+
+class TLS_CBC_Padding_Tests : public Text_Based_Test
+ {
+ public:
+ TLS_CBC_Padding_Tests() : Text_Based_Test("tls_cbc.vec", "Record,Output") {}
+
+ Test::Result run_one_test(const std::string& algo, const VarMap& vars) override
+ {
+ const std::vector<uint8_t> record = get_req_bin(vars, "Record");
+ const size_t output = get_req_sz(vars, "Output");
+
+ uint16_t res = Botan::TLS::check_tls_cbc_padding(record.data(), record.size());
+
+ Test::Result result("TLS CBC padding check");
+ result.test_eq("Expected", res, output);
+ return result;
+ }
+ };
+
+BOTAN_REGISTER_TEST("tls_cbc_padding", TLS_CBC_Padding_Tests);
+
+#endif
+
+}
+
|
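Review bot: `run_one_test` asserts only the numeric result, so it never exercises the side-channel property the padding check exists for. The decryption path in tls_cbc.cpp calls `CT::poison(record_contents, record_len)` before the check. Doing the same here, with `CT::poison(record.data(), record.size());` before the call and `CT::unpoison` on the record and on `res` before `test_eq`, would let a valgrind-instrumented build flag any secret-dependent branch or index across every vector. Separately, `algo` is unused and will likely raise an unused-parameter warning; `const std::string& /*algo*/` avoids that.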