From 1465602ee14779f4a21b87ec81aebcabf47fbcac Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Wed, 9 May 2018 12:51:54 +0200 Subject: [PATCH] poly1305: fix bug in starts() and add test for it --- library/poly1305.c | 5 +++ tests/suites/test_suite_chacha20.function | 4 +-- tests/suites/test_suite_poly1305.function | 38 ++++++++++++++++++++++- 3 files changed, 44 insertions(+), 3 deletions(-) diff --git a/library/poly1305.c b/library/poly1305.c index 14c362d583..542a850047 100644 --- a/library/poly1305.c +++ b/library/poly1305.c @@ -280,6 +280,11 @@ int mbedtls_poly1305_starts( mbedtls_poly1305_context *ctx, ctx->acc[1] = 0U; ctx->acc[2] = 0U; ctx->acc[3] = 0U; + ctx->acc[4] = 0U; + + /* Queue initially empty */ + mbedtls_zeroize( ctx->queue, sizeof( ctx->queue ) ); + ctx->queue_len = 0U; return( 0 ); } diff --git a/tests/suites/test_suite_chacha20.function b/tests/suites/test_suite_chacha20.function index fb3ad3e79e..bac1ef3cab 100644 --- a/tests/suites/test_suite_chacha20.function +++ b/tests/suites/test_suite_chacha20.function @@ -67,8 +67,8 @@ void chacha20_crypt( char *hex_key_string, * Test the streaming API again, piecewise */ - /* Don't reset the context of key, in order to test that starts() do the - * right thing. */ + /* Don't free/init the context nor set the key again, + * in order to test that starts() does the right thing. */ TEST_ASSERT( mbedtls_chacha20_starts( &ctx, nonce_str, counter ) == 0 ); memset( output, 0x00, sizeof( output ) ); diff --git a/tests/suites/test_suite_poly1305.function b/tests/suites/test_suite_poly1305.function index 5ede635c9a..964d1297a9 100644 --- a/tests/suites/test_suite_poly1305.function +++ b/tests/suites/test_suite_poly1305.function @@ -11,6 +11,7 @@ void mbedtls_poly1305( char *hex_key_string, char *hex_mac_string, char *hex_src unsigned char mac[16]; /* size set by the standard */ unsigned char mac_str[33]; /* hex expansion of the above */ size_t src_len; + mbedtls_poly1305_context ctx; memset( src_str, 0x00, sizeof( src_str ) ); memset( mac_str, 0x00, sizeof( mac_str ) ); @@ -20,10 +21,45 @@ void mbedtls_poly1305( char *hex_key_string, char *hex_mac_string, char *hex_src src_len = unhexify( src_str, hex_src_string ); unhexify( key, hex_key_string ); + /* + * Test the integrated API + */ mbedtls_poly1305_mac( key, src_str, src_len, mac ); - hexify( mac_str, mac, 16 ); + hexify( mac_str, mac, 16 ); TEST_ASSERT( strcmp( (char *) mac_str, hex_mac_string ) == 0 ); + + /* + * Test the streaming API + */ + mbedtls_poly1305_init( &ctx ); + + TEST_ASSERT( mbedtls_poly1305_starts( &ctx, key ) == 0 ); + + TEST_ASSERT( mbedtls_poly1305_update( &ctx, src_str, src_len ) == 0 ); + + TEST_ASSERT( mbedtls_poly1305_finish( &ctx, mac ) == 0 ); + + hexify( mac_str, mac, 16 ); + TEST_ASSERT( strcmp( (char *) mac_str, hex_mac_string ) == 0 ); + + /* + * Test the streaming API again, piecewise + */ + + /* Don't free/init the context, in order to test that starts() does the + * right thing. */ + TEST_ASSERT( mbedtls_poly1305_starts( &ctx, key ) == 0 ); + + TEST_ASSERT( mbedtls_poly1305_update( &ctx, src_str, 1 ) == 0 ); + TEST_ASSERT( mbedtls_poly1305_update( &ctx, src_str + 1, src_len - 1) == 0 ); + + TEST_ASSERT( mbedtls_poly1305_finish( &ctx, mac ) == 0 ); + + hexify( mac_str, mac, 16 ); + TEST_ASSERT( strcmp( (char *) mac_str, hex_mac_string ) == 0 ); + + mbedtls_poly1305_free( &ctx ); } /* END_CASE */