summaryrefslogtreecommitdiffstats
path: root/tests
diff options
context:
space:
mode:
authorDaniel P. Berrange2015-10-16 17:35:06 +0200
committerDaniel P. Berrange2015-10-22 20:03:08 +0200
commit3a661f1eabf7e8db66e28489884d9b54aacb94ea (patch)
tree4a0b45548a6eb797c9c254797f065b2b5cd9b33e /tests
parentcrypto: don't let builtin aes crash if no IV is provided (diff)
downloadqemu-3a661f1eabf7e8db66e28489884d9b54aacb94ea.tar.gz
qemu-3a661f1eabf7e8db66e28489884d9b54aacb94ea.tar.xz
qemu-3a661f1eabf7e8db66e28489884d9b54aacb94ea.zip
crypto: add sanity checking of plaintext/ciphertext length
When encrypting/decrypting data, the plaintext/ciphertext buffers are required to be a multiple of the cipher block size. If this is not done, nettle will abort and gcrypt will report an error. To get consistent behaviour add explicit checks upfront for the buffer sizes. Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
Diffstat (limited to 'tests')
-rw-r--r--tests/test-crypto-cipher.c50
1 files changed, 50 insertions, 0 deletions
diff --git a/tests/test-crypto-cipher.c b/tests/test-crypto-cipher.c
index 1b60c343e7..f4946a0af0 100644
--- a/tests/test-crypto-cipher.c
+++ b/tests/test-crypto-cipher.c
@@ -313,6 +313,53 @@ static void test_cipher_null_iv(void)
qcrypto_cipher_free(cipher);
}
+static void test_cipher_short_plaintext(void)
+{
+ Error *err = NULL;
+ QCryptoCipher *cipher;
+ uint8_t key[32] = { 0 };
+ uint8_t plaintext1[20] = { 0 };
+ uint8_t ciphertext1[20] = { 0 };
+ uint8_t plaintext2[40] = { 0 };
+ uint8_t ciphertext2[40] = { 0 };
+ int ret;
+
+ cipher = qcrypto_cipher_new(
+ QCRYPTO_CIPHER_ALG_AES_256,
+ QCRYPTO_CIPHER_MODE_CBC,
+ key, sizeof(key),
+ &error_abort);
+ g_assert(cipher != NULL);
+
+ /* Should report an error as plaintext is shorter
+ * than block size
+ */
+ ret = qcrypto_cipher_encrypt(cipher,
+ plaintext1,
+ ciphertext1,
+ sizeof(plaintext1),
+ &err);
+ g_assert(ret == -1);
+ g_assert(err != NULL);
+
+ error_free(err);
+ err = NULL;
+
+ /* Should report an error as plaintext is larger than
+ * block size, but not a multiple of block size
+ */
+ ret = qcrypto_cipher_encrypt(cipher,
+ plaintext2,
+ ciphertext2,
+ sizeof(plaintext2),
+ &err);
+ g_assert(ret == -1);
+ g_assert(err != NULL);
+
+ error_free(err);
+ qcrypto_cipher_free(cipher);
+}
+
int main(int argc, char **argv)
{
size_t i;
@@ -328,5 +375,8 @@ int main(int argc, char **argv)
g_test_add_func("/crypto/cipher/null-iv",
test_cipher_null_iv);
+ g_test_add_func("/crypto/cipher/short-plaintext",
+ test_cipher_short_plaintext);
+
return g_test_run();
}