From 9d339f288eda10e5334bbf4ccdfd068eaee95c0e Mon Sep 17 00:00:00 2001 From: Miloslav Trmač Date: Mon, 15 Nov 2010 21:19:21 +0100 Subject: Add ncr_symm_cipher_change_iv --- include/ncrypto/ncrypto.h | 2 ++ lib/ncrypto_local.c | 19 ++++++++++++++++ tests/symm_ciphers.c | 56 +++++++++++++++++++++++++++++++++++++++++++++++ 3 files changed, 77 insertions(+) diff --git a/include/ncrypto/ncrypto.h b/include/ncrypto/ncrypto.h index 024d5a7..a09d451 100644 --- a/include/ncrypto/ncrypto.h +++ b/include/ncrypto/ncrypto.h @@ -158,6 +158,8 @@ struct ncr_symm_cipher_session; CK_RV ncr_symm_cipher_alloc (struct ncr_symm_cipher_session **sess, CK_MECHANISM_TYPE mech); CK_RV ncr_symm_cipher_free (struct ncr_symm_cipher_session *sess); +CK_RV ncr_symm_cipher_change_iv (struct ncr_symm_cipher_session *sess, + const void *iv, size_t iv_size); /* Use either ncr_symm_cipher_encrypt_{init,update,final} (), or ncr_symm_cipher_{encrypt_init,encrypt} (). After finishing such a call sequence, a new sequence can be started within the same session. Same for diff --git a/lib/ncrypto_local.c b/lib/ncrypto_local.c index da1ccab..537aaac 100644 --- a/lib/ncrypto_local.c +++ b/lib/ncrypto_local.c @@ -501,6 +501,25 @@ ncr_symm_cipher_free (struct ncr_symm_cipher_session *sess) return CKR_OK; } +CK_RV +ncr_symm_cipher_change_iv (struct ncr_symm_cipher_session *sess, const void *iv, + size_t iv_size) +{ + g_return_val_if_fail (sess != NULL, CKR_SESSION_HANDLE_INVALID); + g_return_val_if_fail (sess->state == NSCS_INITIALIZED + || sess->state == NSCS_UPDATED, + CKR_OPERATION_NOT_INITIALIZED); + g_return_val_if_fail (iv != NULL || iv_size == 0, CKR_ARGUMENTS_BAD); + + g_return_val_if_fail (iv_size + == (unsigned)EVP_CIPHER_CTX_iv_length (&sess->ctx), + CKR_MECHANISM_PARAM_INVALID); + g_assert (iv_size <= sizeof (sess->ctx.iv)); + + memcpy (sess->ctx.iv, iv, iv_size); + return CKR_OK; +} + static CK_RV symm_cipher_init (struct ncr_symm_cipher_session *sess, bool encrypt, struct ncr_symm_key *key, const void *param, diff --git a/tests/symm_ciphers.c b/tests/symm_ciphers.c index a6f3570..2c2cd92 100644 --- a/tests/symm_ciphers.c +++ b/tests/symm_ciphers.c @@ -204,6 +204,62 @@ main (void) assert (res == CKR_OK); } + for (i = 0; i < G_N_ELEMENTS (tvs); i++) + { + res = ncr_symm_cipher_alloc (&sess, tvs[i].mech); + assert (res == CKR_OK); + + res = ncr_symm_key_create (&key, tvs[i].key_type, true, tvs[i].key, + tvs[i].key_size); + assert (res == CKR_OK); + + res = ncr_symm_cipher_encrypt_init (sess, key, tvs[i].iv, tvs[i].iv_size); + assert (res == CKR_OK); + + dest_size = sizeof (dest); + res = ncr_symm_cipher_encrypt_update (sess, dest, &dest_size, + tvs[i].input, tvs[i].input_size); + assert (res == CKR_OK); + assert (dest_size == tvs[i].output_size); + assert (memcmp (dest, tvs[i].output, dest_size) == 0); + + res = ncr_symm_cipher_change_iv (sess, tvs[i].iv, tvs[i].iv_size); + assert (res == CKR_OK); + + dest_size = sizeof (dest); + res = ncr_symm_cipher_encrypt_final (sess, dest, &dest_size, tvs[i].input, + tvs[i].input_size); + assert (res == CKR_OK); + assert (dest_size == tvs[i].output_size); + assert (memcmp (dest, tvs[i].output, dest_size) == 0); + + res = ncr_symm_cipher_decrypt_init (sess, key, tvs[i].iv, tvs[i].iv_size); + assert (res == CKR_OK); + + dest_size = sizeof (dest); + res = ncr_symm_cipher_decrypt_update (sess, dest, &dest_size, + tvs[i].output, tvs[i].output_size); + assert (res == CKR_OK); + assert (dest_size == tvs[i].input_size); + assert (memcmp (dest, tvs[i].input, dest_size) == 0); + + res = ncr_symm_cipher_change_iv (sess, tvs[i].iv, tvs[i].iv_size); + assert (res == CKR_OK); + + dest_size = sizeof (dest); + res = ncr_symm_cipher_decrypt_final (sess, dest, &dest_size, + tvs[i].output, tvs[i].output_size); + assert (res == CKR_OK); + assert (dest_size == tvs[i].input_size); + assert (memcmp (dest, tvs[i].input, dest_size) == 0); + + res = ncr_symm_key_destroy (key); + assert (res == CKR_OK); + + res = ncr_symm_cipher_free (sess); + assert (res == CKR_OK); + } + for (i = 0; i < G_N_ELEMENTS (tvs); i++) { res = ncr_symm_cipher_alloc (&sess, tvs[i].mech); -- cgit From 867c1257c40d8b6c2a887576f8c367bcf3df3c79 Mon Sep 17 00:00:00 2001 From: Miloslav Trmač Date: Mon, 15 Nov 2010 21:33:22 +0100 Subject: Add comments to tests. --- tests/digests.c | 5 +++++ tests/rsa.c | 4 +++- tests/symm_ciphers.c | 6 ++++++ tests/symm_keys.c | 4 ++++ tests/symm_signatures.c | 5 +++++ 5 files changed, 23 insertions(+), 1 deletion(-) diff --git a/tests/digests.c b/tests/digests.c index 19e54cd..e771d12 100644 --- a/tests/digests.c +++ b/tests/digests.c @@ -107,6 +107,7 @@ main (void) void *large; CK_RV res; + /* Test standalone digests. */ for (i = 0; i < G_N_ELEMENTS (tvs); i++) { dest_size = sizeof (dest); @@ -117,6 +118,7 @@ main (void) assert (memcmp (dest, tvs[i].output, dest_size) == 0); } + /* Test init + update + final. */ for (i = 0; i < G_N_ELEMENTS (tvs); i++) { res = ncr_digest_alloc (&sess, tvs[i].mech); @@ -139,6 +141,7 @@ main (void) assert (res == CKR_OK); } + /* Test session cloning. */ for (i = 0; i < G_N_ELEMENTS (tvs); i++) { res = ncr_digest_alloc (&sess, tvs[i].mech); @@ -182,6 +185,7 @@ main (void) assert (res == CKR_OK); } + /* Test init + digest. */ for (i = 0; i < G_N_ELEMENTS (tvs); i++) { res = ncr_digest_alloc (&sess, tvs[i].mech); @@ -202,6 +206,7 @@ main (void) assert (res == CKR_OK); } + /* Test very large input. */ res = ncr_digest_alloc (&sess, CKM_SHA256); assert (res == CKR_OK); res = ncr_digest_init (sess); diff --git a/tests/rsa.c b/tests/rsa.c index 224f5c1..d14e05c 100644 --- a/tests/rsa.c +++ b/tests/rsa.c @@ -53,7 +53,7 @@ main (void) size_t src_size, dest_size; CK_RV res; - /* Test the generic version as well? */ + /* Test key loading. Should we test the generic version as well? */ res = ncr_public_key_create_rsa (&public, modulus, sizeof (modulus), public_exponent, sizeof (public_exponent)); assert (res == CKR_OK); @@ -68,6 +68,7 @@ main (void) assert (res == CKR_OK); + /* Test encryption */ dest_size = sizeof (dest); res = ncr_public_key_encrypt (CKM_RSA_PKCS, public, dest, &dest_size, input, sizeof (input)); @@ -81,6 +82,7 @@ main (void) assert (dest_size == sizeof (input)); assert (memcmp (dest, input, dest_size) == 0); + /* Test signatures */ dest_size = sizeof (dest); res = ncr_private_key_sign (CKM_RSA_PKCS, private, dest, &dest_size, input, sizeof (input)); diff --git a/tests/symm_ciphers.c b/tests/symm_ciphers.c index 2c2cd92..892cfed 100644 --- a/tests/symm_ciphers.c +++ b/tests/symm_ciphers.c @@ -108,6 +108,7 @@ main (void) void *large_src, *large_dest; CK_RV res; + /* Test init + update + final. */ for (i = 0; i < G_N_ELEMENTS (tvs); i++) { res = ncr_symm_cipher_alloc (&sess, tvs[i].mech); @@ -163,6 +164,7 @@ main (void) assert (res == CKR_OK); } + /* Test init + {en,de}crypt. */ for (i = 0; i < G_N_ELEMENTS (tvs); i++) { res = ncr_symm_cipher_alloc (&sess, tvs[i].mech); @@ -204,6 +206,7 @@ main (void) assert (res == CKR_OK); } + /* Test changing of the IV. */ for (i = 0; i < G_N_ELEMENTS (tvs); i++) { res = ncr_symm_cipher_alloc (&sess, tvs[i].mech); @@ -260,6 +263,7 @@ main (void) assert (res == CKR_OK); } + /* Test init + update + final with a random key. */ for (i = 0; i < G_N_ELEMENTS (tvs); i++) { res = ncr_symm_cipher_alloc (&sess, tvs[i].mech); @@ -313,6 +317,7 @@ main (void) assert (res == CKR_OK); } + /* Test init + {en,de}crypt with a random key. */ for (i = 0; i < G_N_ELEMENTS (tvs); i++) { res = ncr_symm_cipher_alloc (&sess, tvs[i].mech); @@ -353,6 +358,7 @@ main (void) assert (res == CKR_OK); } + /* Test very large input. */ res = ncr_symm_cipher_alloc (&sess, CKM_AES_CBC); assert (res == CKR_OK); diff --git a/tests/symm_keys.c b/tests/symm_keys.c index aee5396..3f5aed0 100644 --- a/tests/symm_keys.c +++ b/tests/symm_keys.c @@ -74,6 +74,7 @@ main (void) struct ncr_symm_key *key; CK_RV res; + /* Test handling of loaded, non-sensitive keys. */ res = ncr_symm_key_create (&key, CKK_AES, false, input, sizeof (input)); assert (res == CKR_OK); @@ -95,6 +96,7 @@ main (void) assert (res == CKR_OK); + /* Test handling of loaded, sensitive keys. */ res = ncr_symm_key_create (&key, CKK_AES, true, input, sizeof (input)); assert (res == CKR_OK); @@ -104,6 +106,7 @@ main (void) assert (res == CKR_OK); + /* Test handling of generated, non-sensitive keys. */ res = ncr_symm_key_generate (&key, CKM_AES_KEY_GEN, false, sizeof (input)); assert (res == CKR_OK); @@ -124,6 +127,7 @@ main (void) assert (res == CKR_OK); + /* Test handling of generated, sensitive keys. */ res = ncr_symm_key_generate (&key, CKM_AES_KEY_GEN, true, sizeof (input)); assert (res == CKR_OK); diff --git a/tests/symm_signatures.c b/tests/symm_signatures.c index d53eeef..fa672fd 100644 --- a/tests/symm_signatures.c +++ b/tests/symm_signatures.c @@ -77,6 +77,7 @@ main (void) size_t i, j, k, dest_size; CK_RV res; + /* Test init + update + final. */ for (i = 0; i < G_N_ELEMENTS (tvs); i++) { res = ncr_symm_signature_alloc (&sess, tvs[i].mech); @@ -128,6 +129,7 @@ main (void) assert (res == CKR_OK); } + /* Test session cloning. */ for (i = 0; i < G_N_ELEMENTS (tvs); i++) { res = ncr_symm_signature_alloc (&sess, tvs[i].mech); @@ -221,6 +223,7 @@ main (void) assert (res == CKR_OK); } + /* Test init + {sign,verify}. */ for (i = 0; i < G_N_ELEMENTS (tvs); i++) { res = ncr_symm_signature_alloc (&sess, tvs[i].mech); @@ -265,6 +268,7 @@ main (void) assert (res == CKR_OK); } + /* Test init + update + final with a random key. */ for (i = 0; i < G_N_ELEMENTS (tvs); i++) { res = ncr_symm_signature_alloc (&sess, tvs[i].mech); @@ -314,6 +318,7 @@ main (void) assert (res == CKR_OK); } + /* Test init + {sign,verify} with a random key. */ for (i = 0; i < G_N_ELEMENTS (tvs); i++) { res = ncr_symm_signature_alloc (&sess, tvs[i].mech); -- cgit