From b7005fdc0094cd77d83e982b2d9c586303a09b80 Mon Sep 17 00:00:00 2001 From: Daniel Neus Date: Tue, 19 Jul 2016 16:33:38 +0200 Subject: fix SipHash::clear() and MAC test improvements Fix for SipHash::clear() which does not clear the complete state. Test additions: - add a test for MessageAuthenticationCode::verify_mac() - test MessageAuthenticationCode::clear() --- src/lib/mac/siphash/siphash.cpp | 7 ++++--- src/tests/test_mac.cpp | 20 +++++++++++++++++++- 2 files changed, 23 insertions(+), 4 deletions(-) (limited to 'src') diff --git a/src/lib/mac/siphash/siphash.cpp b/src/lib/mac/siphash/siphash.cpp index 4a9ffe8ea..cb72f771c 100644 --- a/src/lib/mac/siphash/siphash.cpp +++ b/src/lib/mac/siphash/siphash.cpp @@ -85,9 +85,7 @@ void SipHash::final_result(byte mac[]) store_le(X, mac); - m_mbuf = 0; - m_mbuf_pos = 0; - m_words = 0; + clear(); } void SipHash::key_schedule(const byte key[], size_t) @@ -105,6 +103,9 @@ void SipHash::key_schedule(const byte key[], size_t) void SipHash::clear() { m_V.clear(); + m_mbuf = 0; + m_mbuf_pos = 0; + m_words = 0; } std::string SipHash::name() const diff --git a/src/tests/test_mac.cpp b/src/tests/test_mac.cpp index 8bc58e0e1..c7efb7f08 100644 --- a/src/tests/test_mac.cpp +++ b/src/tests/test_mac.cpp @@ -51,11 +51,21 @@ class Message_Auth_Tests : public Text_Based_Test result.test_eq(provider, mac->name(), algo); mac->set_key(key); - mac->update(input); result.test_eq(provider, "correct mac", mac->final(), expected); + // Test to make sure clear() resets what we need it to + mac->set_key( key ); + mac->update( "some discarded input"); + mac->clear(); + + // do the same to test verify_mac() + mac->set_key(key); + mac->update(input); + + result.test_eq(provider + " correct mac", mac->verify_mac(expected.data(), expected.size()), true); + if(input.size() > 2) { mac->set_key(key); // Poly1305 requires the re-key @@ -64,6 +74,14 @@ class Message_Auth_Tests : public Text_Based_Test mac->update(input[input.size()-1]); result.test_eq(provider, "split mac", mac->final(), expected); + + // do the same to test verify_mac() + mac->set_key(key); + mac->update(input[ 0 ]); + mac->update(&input[ 1 ], input.size() - 2); + mac->update(input[ input.size() - 1 ]); + + result.test_eq(provider + " split mac", mac->verify_mac(expected.data(), expected.size()), true); } } -- cgit v1.2.3