[tests] Verify ability to reset cipher initialisation vector

TLS relies upon the ability to reuse a cipher by resetting only the
initialisation vector while reusing the existing key.

Add verification of resetting the initialisation vector to the cipher
self-tests.

Signed-off-by: Michael Brown <mcb30@ipxe.org>

diff --git a/src/tests/cipher_test.c b/src/tests/cipher_test.c
index 2ead3c827484ae63b1e6681c21d993f4dd7eb3a1..0d0eac1d81d2c0f3650af935d4640af5011483db 100644 (file)
--- a/src/tests/cipher_test.c
+++ b/src/tests/cipher_test.c
@@ -81,6 +81,25 @@ void cipher_encrypt_okx ( struct cipher_test *test, const char *file,
        okx ( cipher->authsize == test->auth_len, file, line );
        cipher_auth ( cipher, ctx, auth );
        okx ( memcmp ( auth, test->auth, test->auth_len ) == 0, file, line );
+
+       /* Reset initialisation vector */
+       cipher_setiv ( cipher, ctx, test->iv, test->iv_len );
+
+       /* Process additional data, if applicable */
+       if ( test->additional_len ) {
+               cipher_encrypt ( cipher, ctx, test->additional, NULL,
+                                test->additional_len );
+       }
+
+       /* Perform encryption */
+       cipher_encrypt ( cipher, ctx, test->plaintext, ciphertext, len );
+
+       /* Compare against expected ciphertext */
+       okx ( memcmp ( ciphertext, test->ciphertext, len ) == 0, file, line );
+
+       /* Check authentication tag */
+       cipher_auth ( cipher, ctx, auth );
+       okx ( memcmp ( auth, test->auth, test->auth_len ) == 0, file, line );
 }
 
 /**
@@ -120,6 +139,25 @@ void cipher_decrypt_okx ( struct cipher_test *test, const char *file,
        okx ( cipher->authsize == test->auth_len, file, line );
        cipher_auth ( cipher, ctx, auth );
        okx ( memcmp ( auth, test->auth, test->auth_len ) == 0, file, line );
+
+       /* Reset initialisation vector */
+       cipher_setiv ( cipher, ctx, test->iv, test->iv_len );
+
+       /* Process additional data, if applicable */
+       if ( test->additional_len ) {
+               cipher_decrypt ( cipher, ctx, test->additional, NULL,
+                                test->additional_len );
+       }
+
+       /* Perform decryption */
+       cipher_decrypt ( cipher, ctx, test->ciphertext, plaintext, len );
+
+       /* Compare against expected plaintext */
+       okx ( memcmp ( plaintext, test->plaintext, len ) == 0, file, line );
+
+       /* Check authentication tag */
+       cipher_auth ( cipher, ctx, auth );
+       okx ( memcmp ( auth, test->auth, test->auth_len ) == 0, file, line );
 }
 
 /**