diff options
| author | Daniel P. Berrange <berrange@redhat.com> | 2015-10-16 16:35:06 +0100 |
|---|---|---|
| committer | Daniel P. Berrange <berrange@redhat.com> | 2015-10-22 19:03:08 +0100 |
| commit | 3a661f1eabf7e8db66e28489884d9b54aacb94ea (patch) | |
| tree | 4a0b45548a6eb797c9c254797f065b2b5cd9b33e /tests | |
| parent | eb2a770b178b9040c3fc04ee31dc38d1775db09a (diff) | |
| download | qemu-3a661f1eabf7e8db66e28489884d9b54aacb94ea.tar.gz qemu-3a661f1eabf7e8db66e28489884d9b54aacb94ea.tar.bz2 qemu-3a661f1eabf7e8db66e28489884d9b54aacb94ea.zip | |
crypto: add sanity checking of plaintext/ciphertext length
When encrypting/decrypting data, the plaintext/ciphertext
buffers are required to be a multiple of the cipher block
size. If this is not done, nettle will abort and gcrypt
will report an error. To get consistent behaviour add
explicit checks upfront for the buffer sizes.
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
Diffstat (limited to 'tests')
| -rw-r--r-- | tests/test-crypto-cipher.c | 50 |
1 files changed, 50 insertions, 0 deletions
diff --git a/tests/test-crypto-cipher.c b/tests/test-crypto-cipher.c index 1b60c343e7..f4946a0af0 100644 --- a/tests/test-crypto-cipher.c +++ b/tests/test-crypto-cipher.c @@ -313,6 +313,53 @@ static void test_cipher_null_iv(void) qcrypto_cipher_free(cipher); } +static void test_cipher_short_plaintext(void) +{ + Error *err = NULL; + QCryptoCipher *cipher; + uint8_t key[32] = { 0 }; + uint8_t plaintext1[20] = { 0 }; + uint8_t ciphertext1[20] = { 0 }; + uint8_t plaintext2[40] = { 0 }; + uint8_t ciphertext2[40] = { 0 }; + int ret; + + cipher = qcrypto_cipher_new( + QCRYPTO_CIPHER_ALG_AES_256, + QCRYPTO_CIPHER_MODE_CBC, + key, sizeof(key), + &error_abort); + g_assert(cipher != NULL); + + /* Should report an error as plaintext is shorter + * than block size + */ + ret = qcrypto_cipher_encrypt(cipher, + plaintext1, + ciphertext1, + sizeof(plaintext1), + &err); + g_assert(ret == -1); + g_assert(err != NULL); + + error_free(err); + err = NULL; + + /* Should report an error as plaintext is larger than + * block size, but not a multiple of block size + */ + ret = qcrypto_cipher_encrypt(cipher, + plaintext2, + ciphertext2, + sizeof(plaintext2), + &err); + g_assert(ret == -1); + g_assert(err != NULL); + + error_free(err); + qcrypto_cipher_free(cipher); +} + int main(int argc, char **argv) { size_t i; @@ -328,5 +375,8 @@ int main(int argc, char **argv) g_test_add_func("/crypto/cipher/null-iv", test_cipher_null_iv); + g_test_add_func("/crypto/cipher/short-plaintext", + test_cipher_short_plaintext); + return g_test_run(); } |