Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add test to ensure sequence numbers are allowed to increase by more than one #1667

Merged
merged 7 commits into from
Jul 12, 2024
Merged

Add test to ensure sequence numbers are allowed to increase by more than one #1667

Changes from all commits
Commits
Show all changes
7 commits
Select commit Hold shift + click to select a range
d656092
Adds new monotonicity check
maddeleine Jun 25, 2024
9b49430
removing designated initializers
maddeleine Jun 26, 2024
d9e13d5
PR feedback
maddeleine Jul 3, 2024
c9fa68d
Whoops
maddeleine Jul 3, 2024
246bd94
Adding size_t back
maddeleine Jul 3, 2024
34dd912
Adds smaller seq num assert
maddeleine Jul 9, 2024
88cb7dc
Merge branch 'main' into monotonicity_check
maddeleine Jul 11, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
38 changes: 38 additions & 0 deletions crypto/cipher_extra/aead_test.cc
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -1364,6 +1364,44 @@ TEST(AEADTest, TestGCMSIV256Change16Alignment) {
free(encrypt_ctx_256);
}

TEST(AEADTest, TestMonotonicityCheck) {

static const uint8_t kEvpAeadCtxKey[32] = {0};

// Only the tls13() ciphers have monotonicity checks
const EVP_AEAD *aeads_to_test[] = { EVP_aead_aes_128_gcm_tls13(), EVP_aead_aes_256_gcm_tls13() };

for (const EVP_AEAD *cipher : aeads_to_test) {
bssl::ScopedEVP_AEAD_CTX encrypt_ctx;

ASSERT_TRUE(EVP_AEAD_CTX_init(encrypt_ctx.get(), cipher, kEvpAeadCtxKey, cipher->key_len, 16, NULL))
<< ERR_error_string(ERR_get_error(), NULL);

uint8_t nonce[12] = {0};
uint8_t last_byte = sizeof(nonce) - 1;
uint8_t plaintext[16] = {0};
uint8_t ciphertext[32] = {0};
size_t out_len = 0;

// Checks that sequence numbers are allowed to increment by more than one
// as long as monotonicity is preserved. Here the implicit IV is presumed
// to be a zero-filled array. That lets us update the nonce value directly
// with an increasing sequence number.
for (size_t sequence_num = 0; sequence_num <= 255; sequence_num+=10) {
nonce[last_byte] = sequence_num;
andrewhop marked this conversation as resolved.
Show resolved Hide resolved
ASSERT_TRUE(EVP_AEAD_CTX_seal(encrypt_ctx.get(), ciphertext, &out_len,
sizeof(ciphertext), nonce, sizeof(nonce), plaintext,
sizeof(plaintext), nullptr /* ad */, 0));
}
maddeleine marked this conversation as resolved.
Show resolved Hide resolved

// Attempting to encrypt with a decreased sequence number causes the monotonicity check to fail.
nonce[last_byte] = 0;
ASSERT_FALSE(EVP_AEAD_CTX_seal(encrypt_ctx.get(), ciphertext, &out_len,
sizeof(ciphertext), nonce, sizeof(nonce), plaintext,
sizeof(plaintext), nullptr /* ad */, 0));
}
}

struct EvpAeadCtxSerdeTestParams {
const char *name;
const EVP_AEAD *cipher;
Expand Down
Loading