diff options
| author | Tobias Nießen <tniessen@tnie.de> | 2018-09-14 21:49:34 +0200 |
|---|---|---|
| committer | Matt Caswell <matt@openssl.org> | 2019-05-08 11:57:59 +0200 |
| commit | 67c81ec311d696464bdbf4c6d6f8a887a3ddf9f8 (patch) | |
| tree | 3bfb831749c8819845932255059595dbb6a623a1 /test/evp_test.c | |
| parent | EVP_EncryptUpdate, EVP_EncryptFinal_ex: don't branch on uninitialized memory (diff) | |
| download | openssl-67c81ec311d696464bdbf4c6d6f8a887a3ddf9f8.tar.xz openssl-67c81ec311d696464bdbf4c6d6f8a887a3ddf9f8.zip | |
Allow specifying the tag after AAD in CCM mode
This change allows to pass the authentication tag after specifying
the AAD in CCM mode. This is already true for the other two supported
AEAD modes (GCM and OCB) and it seems appropriate to match the
behavior.
GCM and OCB also support to set the tag at any point before the call
to `EVP_*Final`, but this won't work for CCM due to a restriction
imposed by section 2.6 of RFC3610: The tag must be set before
actually decrypting data.
This commit also adds a test case for setting the tag after supplying
plaintext length and AAD.
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7243)
Diffstat (limited to 'test/evp_test.c')
| -rw-r--r-- | test/evp_test.c | 29 |
1 files changed, 20 insertions, 9 deletions
diff --git a/test/evp_test.c b/test/evp_test.c index 1836ddb103..fa9cde8289 100644 --- a/test/evp_test.c +++ b/test/evp_test.c @@ -463,6 +463,7 @@ typedef struct cipher_data_st { size_t aad_len[AAD_NUM]; unsigned char *tag; size_t tag_len; + int tag_late; } CIPHER_DATA; static int cipher_test_init(EVP_TEST *t, const char *alg) @@ -535,6 +536,15 @@ static int cipher_test_parse(EVP_TEST *t, const char *keyword, } if (strcmp(keyword, "Tag") == 0) return parse_bin(value, &cdat->tag, &cdat->tag_len); + if (strcmp(keyword, "SetTagLate") == 0) { + if (strcmp(value, "TRUE") == 0) + cdat->tag_late = 1; + else if (strcmp(value, "FALSE") == 0) + cdat->tag_late = 0; + else + return 0; + return 1; + } } if (strcmp(keyword, "Operation") == 0) { @@ -620,7 +630,7 @@ static int cipher_test_enc(EVP_TEST *t, int enc, * If encrypting or OCB just set tag length initially, otherwise * set tag length and value. */ - if (enc || expected->aead == EVP_CIPH_OCB_MODE) { + if (enc || expected->aead == EVP_CIPH_OCB_MODE || expected->tag_late) { t->err = "TAG_LENGTH_SET_ERROR"; tag = NULL; } else { @@ -643,14 +653,6 @@ static int cipher_test_enc(EVP_TEST *t, int enc, goto err; } - if (!enc && expected->aead == EVP_CIPH_OCB_MODE) { - if (!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, - expected->tag_len, expected->tag)) { - t->err = "TAG_SET_ERROR"; - goto err; - } - } - if (expected->aead == EVP_CIPH_CCM_MODE) { if (!EVP_CipherUpdate(ctx, NULL, &tmplen, NULL, out_len)) { t->err = "CCM_PLAINTEXT_LENGTH_SET_ERROR"; @@ -689,6 +691,15 @@ static int cipher_test_enc(EVP_TEST *t, int enc, } } } + + if (!enc && (expected->aead == EVP_CIPH_OCB_MODE || expected->tag_late)) { + if (!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, + expected->tag_len, expected->tag)) { + t->err = "TAG_SET_ERROR"; + goto err; + } + } + EVP_CIPHER_CTX_set_padding(ctx, 0); t->err = "CIPHERUPDATE_ERROR"; tmplen = 0; |