From 22448d46f7c831598beee2286af88ac675d84aed Mon Sep 17 00:00:00 2001 From: Jack Lloyd Date: Wed, 31 Oct 2018 11:15:57 -0400 Subject: Handle setting AD after a nonce correctly in AEADs In some cases (EAX, GCM, ChaCha20Poly1305) the mode does not handle this. However previously it handled it incorrectly by producing incorrect output. Instead reject it with an exception. Add a test that, if the mode accepts an AD before the nonce, then it must process the message correctly. This is similar to the existing test that if the mode accepts an AD before the key is set it must do the right thing with it. --- src/tests/test_aead.cpp | 33 +++++++++++++++++++++++++++++---- 1 file changed, 29 insertions(+), 4 deletions(-) (limited to 'src/tests') diff --git a/src/tests/test_aead.cpp b/src/tests/test_aead.cpp index 003f7c886..c31eaecdf 100644 --- a/src/tests/test_aead.cpp +++ b/src/tests/test_aead.cpp @@ -70,10 +70,24 @@ class AEAD_Tests final : public Text_Based_Test // reset message specific state enc->reset(); - // now try to encrypt with correct values - enc->set_ad(ad); + /* + Now try to set the AD *after* setting the nonce + For some modes this works, for others it does not. + */ enc->start(nonce); + try + { + enc->set_ad(ad); + } + catch(Botan::Invalid_State&) + { + // ad after setting nonce rejected, in this case we need to reset + enc->reset(); + enc->set_ad(ad); + enc->start(nonce); + } + Botan::secure_vector buf(input.begin(), input.end()); // have to check here first if input is empty if not we can test update() and eventually process() @@ -221,8 +235,19 @@ class AEAD_Tests final : public Text_Based_Test try { // now try to decrypt with correct values - dec->set_ad(ad); - dec->start(nonce); + + try + { + dec->start(nonce); + dec->set_ad(ad); + } + catch(Botan::Invalid_State&) + { + // ad after setting nonce rejected, in this case we need to reset + dec->reset(); + dec->set_ad(ad); + dec->start(nonce); + } // test finish() with full input dec->finish(buf); -- cgit v1.2.3