Improve in-place testing

diff --git a/siv-cmac.c b/siv-cmac.c
index 8205c320f544b725246c5078d0b13bd9015bf839..a1e2a4bdf0c3b4e003e615e6a7534c189fdac34c 100644 (file)
--- a/siv-cmac.c
+++ b/siv-cmac.c
@@ -122,7 +122,8 @@ siv_cmac_encrypt_message (const struct cmac128_key *cmac_key,
 {
   union nettle_block16 siv;
   size_t slength;
-
+  /* In-place operation not supported. */
+  assert (dst != src);
   assert (clength >= SIV_DIGEST_SIZE);
   slength = clength - SIV_DIGEST_SIZE;
 
@@ -149,6 +150,9 @@ siv_cmac_decrypt_message (const struct cmac128_key *cmac_key,
   union nettle_block16 siv;
   union nettle_block16 ctr;
 
+  /* In-place operation not supported. */
+  assert (dst != src);
+
   memcpy (ctr.b, src, SIV_DIGEST_SIZE);
   ctr.b[8] &= ~0x80;
   ctr.b[12] &= ~0x80;

diff --git a/testsuite/siv-gcm-test.c b/testsuite/siv-gcm-test.c
index 1e02fcc7cdcd6f6ed69d3152bf4f7ebcd97d5dce..49302ad7db05f490724bf0eb236b854eef148db5 100644 (file)
--- a/testsuite/siv-gcm-test.c
+++ b/testsuite/siv-gcm-test.c
@@ -48,6 +48,7 @@ siv_gcm_aes128 = {
   sizeof(struct aes128_ctx),
   AES128_KEY_SIZE,
   SIV_GCM_DIGEST_SIZE,
+  1, /* Supports in-place operation. */
   (nettle_set_key_func*) aes128_set_encrypt_key,
   (nettle_set_key_func*) aes128_set_encrypt_key,
   (nettle_encrypt_message_func*) siv_gcm_aes128_encrypt_message,
@@ -60,6 +61,7 @@ siv_gcm_aes256 = {
   sizeof(struct aes256_ctx),
   AES256_KEY_SIZE,
   SIV_GCM_DIGEST_SIZE,
+  1, /* Supports in-place operation. */
   (nettle_set_key_func*) aes256_set_encrypt_key,
   (nettle_set_key_func*) aes256_set_encrypt_key,
   (nettle_encrypt_message_func*) siv_gcm_aes256_encrypt_message,

diff --git a/testsuite/siv-test.c b/testsuite/siv-test.c
index 7b10ff0d484bf251da5f18da2829c08af951d245..53214bbb8fd7057f4f49f6931bce9610baf0f737 100644 (file)
--- a/testsuite/siv-test.c
+++ b/testsuite/siv-test.c
@@ -42,6 +42,7 @@ siv_cmac_aes128 = {
   sizeof(struct siv_cmac_aes128_ctx),
   SIV_CMAC_AES128_KEY_SIZE,
   SIV_DIGEST_SIZE,
+  0, /* No in-place operation. */
   (nettle_set_key_func*) siv_cmac_aes128_set_key,
   (nettle_set_key_func*) siv_cmac_aes128_set_key,
   (nettle_encrypt_message_func*) siv_cmac_aes128_encrypt_message,
@@ -54,6 +55,7 @@ siv_cmac_aes256 = {
   sizeof(struct siv_cmac_aes256_ctx),
   SIV_CMAC_AES256_KEY_SIZE,
   SIV_DIGEST_SIZE,
+  0, /* No in-place operation. */
   (nettle_set_key_func*) siv_cmac_aes256_set_key,
   (nettle_set_key_func*) siv_cmac_aes256_set_key,
   (nettle_encrypt_message_func*) siv_cmac_aes256_encrypt_message,

diff --git a/testsuite/testutils.c b/testsuite/testutils.c
index 74059c5357d334bc92cf3747136f231b72a4a5b3..3420ae9d20ae97131977201f8857a6f68c48b856 100644 (file)
--- a/testsuite/testutils.c
+++ b/testsuite/testutils.c
@@ -917,6 +917,9 @@ test_aead_message (const struct nettle_aead_message *aead,
 {
   void *ctx = xalloc (aead->context_size);
   uint8_t *buf = xalloc (cipher->length + 1);
+  uint8_t *copy = xalloc (cipher->length);
+
+  static const uint8_t nul = 0;
   int res;
 
   ASSERT (key->length == aead->key_size);
@@ -943,26 +946,7 @@ test_aead_message (const struct nettle_aead_message *aead,
       FAIL();
     }
   aead->set_decrypt_key (ctx, key->data);
-#if 0
-  /* First try in-place decrypt. FIXME: Not supported for SIV. */
-  res = aead->decrypt (ctx,
-                      nonce->length, nonce->data,
-                      adata->length, adata->data,
-                      clear->length, buf, buf);
-  if (!res)
-    {
-      fprintf (stderr, "in-place decrypting valid ciphertext failed:\n  ");
-      tstring_print_hex (cipher);
-    }
-  if (!MEMEQ (clear->length, clear->data, buf))
-    {
-      fprintf(stderr, "aead->decrypt (in place message) failed:\n  got: ");
-      print_hex (clear->length, buf);
-      fprintf (stderr, "  exp: ");
-      tstring_print_hex (clear);
-      FAIL();
-    }
-#endif
+
   memset (buf, 0xae, clear->length + 1);
 
   res = aead->decrypt (ctx,
@@ -993,39 +977,84 @@ test_aead_message (const struct nettle_aead_message *aead,
       fprintf (stderr, "Invalid message (truncated) not rejected\n");
       FAIL();
     }
-  memcpy (buf, cipher->data, cipher->length);
-  buf[0] ^= 4;
+  memcpy (copy, cipher->data, cipher->length);
+  copy[0] ^= 4;
   if (aead->decrypt (ctx,
                     nonce->length, nonce->data,
                     adata->length, adata->data,
-                    clear->length, buf, buf))
+                    clear->length, buf, copy))
     {
       fprintf (stderr, "Invalid message (first byte modified) not rejected\n");
       FAIL();
     }
 
-  memcpy (buf, cipher->data, cipher->length);
-  buf[cipher->length - 1] ^= 4;
+  memcpy (copy, cipher->data, cipher->length);
+  copy[cipher->length - 1] ^= 4;
   if (aead->decrypt (ctx,
                     nonce->length, nonce->data,
                     adata->length, adata->data,
-                    clear->length, buf, buf))
+                    clear->length, buf, copy))
     {
       fprintf (stderr, "Invalid message (last byte modified) not rejected\n");
       FAIL();
     }
 
-  memcpy (buf, adata->data, adata->length);
-  if (adata->length == 0)
-    buf[0] = 0;
   if (aead->decrypt (ctx,
                     nonce->length, nonce->data,
-                    adata->length ? adata->length /* - 1 */ : 1, buf,
+                    adata->length > 0 ? adata->length - 1 : 1,
+                    adata->length > 0 ? adata->data : &nul,
                     clear->length, buf, cipher->data))
     {
       fprintf (stderr, "Invalid adata not rejected\n");
       FAIL();
     }
+
+  /* Test in-place operation. NOTE: Not supported for SIV-CMAC. */
+  if (aead->supports_inplace)
+    {
+      aead->set_encrypt_key (ctx, key->data);
+      buf[cipher->length] = 0xae;
+
+      memcpy (buf, clear->data, clear->length);
+      aead->encrypt (ctx,
+                    nonce->length, nonce->data,
+                    adata->length, adata->data,
+                    cipher->length, buf, buf);
+      if (!MEMEQ (cipher->length, cipher->data, buf))
+       {
+         fprintf(stderr, "aead->encrypt (in-place message) failed:\n  got: ");
+         print_hex (cipher->length, buf);
+         fprintf (stderr, "  exp: ");
+         tstring_print_hex (cipher);
+         FAIL();
+       }
+      if (buf[cipher->length] != 0xae)
+       {
+         fprintf (stderr, "aead->encrypt (in-place message) wrote too much.\n ");
+         FAIL();
+       }
+
+      res = aead->decrypt (ctx,
+                          nonce->length, nonce->data,
+                          adata->length, adata->data,
+                          clear->length, buf, buf);
+      if (!res)
+       {
+         fprintf (stderr, "in-place decrypting valid ciphertext failed:\n  ");
+         tstring_print_hex (cipher);
+       }
+      if (!MEMEQ (clear->length, clear->data, buf))
+       {
+         fprintf(stderr, "aead->decrypt (in-place message) failed:\n  got: ");
+         print_hex (clear->length, buf);
+         fprintf (stderr, "  exp: ");
+         tstring_print_hex (clear);
+         FAIL();
+       }
+    }
+  free (ctx);
+  free (buf);
+  free (copy);
 }
 
 void

diff --git a/testsuite/testutils.h b/testsuite/testutils.h
index 7606cc3a5015da15debbde94f8c7d1f8e997cdbf..687bcd7311b446130a837bbfd1f7ea5137633b96 100644 (file)
--- a/testsuite/testutils.h
+++ b/testsuite/testutils.h
@@ -97,6 +97,7 @@ struct nettle_aead_message
   unsigned context_size;
   unsigned key_size;
   unsigned digest_size;
+  int supports_inplace;
   nettle_set_key_func *set_encrypt_key;
   nettle_set_key_func *set_decrypt_key;
   nettle_encrypt_message_func *encrypt;