Skip to content

Added a unit test for cypher text padding check in client's symmetric_decrypt_verify() #381

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
wants to merge 4 commits into
base: master
Choose a base branch
from
Open

Added a unit test for cypher text padding check in client's symmetric_decrypt_verify() #381

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
4 commits
Select commit Hold shift + click to select a range
d853f0d
removed commented out code in symmetric_decrypt_verify
BogdanYarotsky Sep 13, 2024
95088bc
Revert "removed commented out code in symmetric_decrypt_verify"
BogdanYarotsky Sep 22, 2024
792ad25
uncommented the code responsible for ciphertext padding check
BogdanYarotsky Sep 22, 2024
8b9d59b
added a unit test to validate padding check in symmetric_decrypt_and_…
BogdanYarotsky Sep 22, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
11 changes: 7 additions & 4 deletions lib/src/core/comms/secure_channel.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -1212,10 +1212,13 @@ impl SecureChannel {

// There is an expectation that the block is padded so, this is a quick test
let ciphertext_size = encrypted_range.end - encrypted_range.start;
// if ciphertext_size % 16 != 0 {
// error!("The cipher text size is not padded properly, size = {}", ciphertext_size);
// return Err(StatusCode::BadUnexpectedError);
// }
if ciphertext_size % 16 != 0 {
error!(
"The cipher text size is not padded properly, size = {}",
ciphertext_size
);
return Err(StatusCode::BadUnexpectedError);
}

// Copy security header
dst[..encrypted_range.start].copy_from_slice(&src[..encrypted_range.start]);
Expand Down
27 changes: 27 additions & 0 deletions lib/src/core/tests/chunk.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -472,6 +472,33 @@ fn security_policy_symmetric_encrypt_decrypt() {
assert_eq!(&src[..80], &src2[..80]);
}

#[test]
fn security_policy_symmetric_encrypt_decrypt_ciphertext_invalid_padding_returns_error() {
let (secure_channel1, secure_channel2) = make_secure_channels(
MessageSecurityMode::SignAndEncrypt,
SecurityPolicy::Basic128Rsa15,
);

let src = vec![0u8; 100];
let mut dst = vec![0u8; 200];

let encrypted_len = secure_channel1
.symmetric_sign_and_encrypt(&src, 0..80, 20..100, &mut dst)
.unwrap();
assert_eq!(encrypted_len, 100);

let mut src2 = vec![0u8; 200];

// length of encrypted range should be dividable by 16
let invalid_encrypted_range = 21..100;

let error = secure_channel2
.symmetric_decrypt_and_verify(&dst, 0..80, invalid_encrypted_range, &mut src2)
.unwrap_err();

assert!(error.contains(StatusCode::BadUnexpectedError))
}

#[test]
fn asymmetric_decrypt_and_verify_sample_chunk() {
let _ = Test::setup();
Expand Down