From 18af8859a5c007c6df47181be0fabf2913204979 Mon Sep 17 00:00:00 2001
From: Jack Lloyd
Date: Fri, 17 Aug 2018 17:09:26 -0400
Subject: Fix an EAX bug in reset()
It failed to reset any data that had been fed into CMAC so far, so a sequence with eax->set_key(key); eax->start(nonce); eax->process(discarded_bits); eax->reset(); eax->start(second_nonce); eax->process(second_msg); would produce incorrect results
---
 src/lib/modes/aead/eax/eax.cpp | 8 ++++++++
 src/tests/test_aead.cpp | 11 ++++-------
 2 files changed, 12 insertions(+), 7 deletions(-)
diff --git a/src/lib/modes/aead/eax/eax.cpp b/src/lib/modes/aead/eax/eax.cpp
index dbd916db9..a03c5e802 100644
--- a/src/lib/modes/aead/eax/eax.cpp
+++ b/src/lib/modes/aead/eax/eax.cpp
@@ -57,6 +57,12 @@ void EAX_Mode::reset()
 {
 m_ad_mac.clear();
 m_nonce_mac.clear();
+
+ // Clear out any data added to the CMAC calculation
+ try {
+ m_cmac->final();
+ }
+ catch(Key_Not_Set&) {}
 }
 std::string EAX_Mode::name() const
@@ -115,6 +121,7 @@ void EAX_Mode::start_msg(const uint8_t nonce[], size_t nonce_len)
 size_t EAX_Encryption::process(uint8_t buf[], size_t sz)
 {
+ BOTAN_ASSERT_NOMSG(m_nonce_mac.empty() == false);
 m_ctr->cipher(buf, buf, sz);
 m_cmac->update(buf, sz);
 return sz;
@@ -122,6 +129,7 @@ size_t EAX_Encryption::process(uint8_t buf[], size_t sz)
 void EAX_Encryption::finish(secure_vector& buffer, size_t offset)
 {
+ BOTAN_ASSERT_NOMSG(m_nonce_mac.empty() == false);
 update(buffer, offset);
 secure_vector data_mac = m_cmac->final();
diff --git a/src/tests/test_aead.cpp b/src/tests/test_aead.cpp
index ce9c3e095..992278c0f 100644
--- a/src/tests/test_aead.cpp
+++ b/src/tests/test_aead.cpp
@@ -1,5 +1,5 @@
 /*
-* (C) 2014,2015,2016 Jack Lloyd
+* (C) 2014,2015,2016,2018 Jack Lloyd
 * (C) 2016 Daniel Neus, Rohde & Schwarz Cybersecurity
 *
 * Botan is released under the Simplified BSD License (see license.txt)
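Review bot: In `EAX_Mode::reset()` (src/lib/modes/aead/eax/eax.cpp) the empty `catch(Key_Not_Set&) {}` makes an exception the ordinary path whenever reset() is called on an object that has no key yet, and nothing on the line says why dropping it is safe. I would put the reason on the handler, e.g. `catch(Key_Not_Set&) {} // no key yet, so no CMAC input can have been absorbed`. The comment above the `try` could also say that `final()` is called only for its side effect of discarding buffered input, and that the returned tag over the abandoned data is deliberately thrown away; that behaviour is inferred from the commit message rather than visible in this hunk.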
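Review bot: The new `BOTAN_ASSERT_NOMSG(m_nonce_mac.empty() == false);` guard is added only to `EAX_Encryption::process()` and `EAX_Encryption::finish()`; the 8 additions listed for eax.cpp in the diffstat are all accounted for by the three hunks shown, so the decryption-side methods are not touched by this commit and should get the same check if they do not already have one. Processing data before start() is a caller error that would presumably run the CTR and CMAC state without a fresh nonce, so a message naming the misuse is more useful than a bare assertion, e.g. `BOTAN_ASSERT(!m_nonce_mac.empty(), "EAX: start() must be called before process()");`. Both function bodies continue outside their hunks.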
@@ -44,9 +44,8 @@ class AEAD_Tests final : public Text_Based_Test
 [&]() { enc->set_associated_data(ad.data(), ad.size()); });
 }
- // First some tests for reset() to make sure it resets what we need it to
- // set garbage values
- enc->set_key(mutate_vec(key));
+ // Ensure that test resets AD and message state
+ enc->set_key(key);
 enc->set_ad(mutate_vec(ad));
 enc->start(mutate_vec(nonce));
@@ -57,7 +56,6 @@ class AEAD_Tests final : public Text_Based_Test
 enc->reset();
 // now try to encrypt with correct values
- enc->set_key(key);
 enc->set_ad(ad);
 enc->start(nonce);
@@ -178,7 +176,7 @@ class AEAD_Tests final : public Text_Based_Test
 // First some tests for reset() to make sure it resets what we need it to
 // set garbage values
- dec->set_key(mutate_vec(key));
+ dec->set_key(key);
 dec->set_ad(mutate_vec(ad));
 dec->start(mutate_vec(nonce));
@@ -192,7 +190,6 @@ class AEAD_Tests final : public Text_Based_Test
 try {
 // now try to decrypt with correct values
- dec->set_key(key);
 dec->set_ad(ad);
 dec->start(nonce);
--
cgit v1.2.3
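Review bot: With `enc->set_key(mutate_vec(key));` replaced by `enc->set_key(key);` here and the later `enc->set_key(key);` removed in the `@@ -57,7 +56,6 @@` hunk, the encrypt test in src/tests/test_aead.cpp no longer covers reset() followed by re-keying, and the same holds for the decrypt test in the `@@ -178,7 +176,7 @@` and `@@ -192,7 +190,6 @@` hunks. Dropping the second set_key() is presumably what exposes the stale CMAC data, but the old sequence is still a valid caller pattern, so I would keep it as a second pass rather than delete it. The new comment also reads as if the test does the resetting; `// Ensure that reset() clears AD and message state` says what is being checked. The enclosing test function starts and ends outside these hunks.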
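Review bot: The context comment `// set garbage values` kept above `dec->set_key(key);` in the `@@ -178,7 +176,7 @@` hunk is now inaccurate for the key, since only the AD and nonce are still passed through `mutate_vec()`. Updating it alongside the code keeps the intent of the test readable, for example `// set garbage AD and nonce (the key stays valid so reset() alone must clear the state)`. The encrypt-side hunk replaced its equivalent comment, so this would also bring the two halves of the test back in line.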