Implementation of XAES-256-GCM with EVP_CIPHER #2750
Conversation
![github-actions[bot]](https://avatars.githubusercontent.com/in/15368?s=60&v=4){kind=small}
| #define NUM_NID 999 | ||
| #define NUM_NID 1000 | ||
|
|
||
| static const uint8_t kObjectData[] = { |
There was a problem hiding this comment.
warning: unknown type name 'uint8_t' [clang-diagnostic-error]
static const uint8_t kObjectData[] = {
^| 0x31, | ||
| }; | ||
|
|
||
| static const ASN1_OBJECT kObjects[NUM_NID] = { |
There was a problem hiding this comment.
warning: unknown type name 'ASN1_OBJECT' [clang-diagnostic-error]
static const ASN1_OBJECT kObjects[NUM_NID] = {
^
Codecov Report❌ Patch coverage is
Additional details and impacted files@@ Coverage Diff @@
## xaes-256-gcm #2750 +/- ##
==============================================
Coverage 78.94% 78.94%
==============================================
Files 677 677
Lines 115525 115674 +149
Branches 16249 16257 +8
==============================================
+ Hits 91198 91317 +119
- Misses 23530 23556 +26
- Partials 797 801 +4 ☔ View full report in Codecov by Sentry. 🚀 New features to boost your workflow:
|
…to xaes-256-gcm
| CHECK_ERROR(EVP_DecryptFinal(ctx.get(), out_vec.data(), &out_len), ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); | ||
| } | ||
|
|
||
| TEST(CipherTest, XAES_256_GCM_EVP_CIPHER) { |
There was a problem hiding this comment.
I'm not sure I can follow all the tests this function is performing. Maybe you could break it into smaller test functions?
| CHECK_ERROR(EVP_DecryptUpdate(ctx.get(), out_vec.data(), &out_len, in_vec.data(), in_len), ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); | ||
| CHECK_ERROR(EVP_DecryptFinal(ctx.get(), out_vec.data(), &out_len), ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); | ||
| } | ||
|
|
There was a problem hiding this comment.
can we use CipherFileTest for test vectors?
| ASSERT_TRUE(ctx); | ||
| ASSERT_TRUE(EVP_CipherInit_ex(ctx.get(), EVP_xaes_256_gcm(), NULL, NULL, NULL, 1)); | ||
|
|
||
| // Invalid nonce size |
There was a problem hiding this comment.
please write down the valid range for nonce size.
| const uint8_t *plaintext = (const uint8_t *)"Hello, XAES-256-GCM!"; | ||
| size_t plaintext_len = strlen((const char *)plaintext); | ||
|
|
||
| ciphertext.resize(20); |
| TEST(CipherTest, XAES_256_GCM_EVP_CIPHER) { | ||
| { | ||
| std::vector<uint8_t> ciphertext, tag, decrypted; | ||
| const uint8_t key[32] = { |
There was a problem hiding this comment.
why not std::vector<uint8_t>?
| struct xaes_256_gcm_ctx *xaes_ctx = | ||
| (struct xaes_256_gcm_ctx *)((uint8_t*)ctx->cipher_data + XAES_256_GCM_CTX_OFFSET); | ||
|
|
||
| uint8_t derived_key[(256 >> 3)]; |
| return 1; | ||
| } | ||
|
|
||
| static const uint8_t kZeroIn[AES_BLOCK_SIZE] = {0}; |
There was a problem hiding this comment.
we can move inside the function it's using it.
|
|
||
| static int xaes_256_gcm_ctx_init(struct xaes_256_gcm_ctx *xaes_ctx, | ||
| const uint8_t *key, const unsigned key_len) { | ||
| if ((key_len << 3) != 256) { |
| ptr += (uintptr_t)ptr & 8; | ||
|
|
||
| OPENSSL_memcpy(ptr, gctx, sizeof(EVP_AES_GCM_CTX)); | ||
| OPENSSL_free(temp); |
|
|
||
| static int xaes_256_gcm_init(EVP_CIPHER_CTX *ctx, const uint8_t *key, | ||
| const uint8_t *iv, int enc) { | ||
| if(key != NULL && !xaes_256_gcm_init_common(ctx, key, |
There was a problem hiding this comment.
I think this is a bug -- if key is NULL than you'll fall through and call xaes_256_gcm_set_gcm_key, but I don't think you want to do that, do you?
3 participants
Issues:
Description of Changes
Implementation for API EVP_CIPHER of XAES-256-GCM is appended to e_aes.c, and the tests are appended to cipher_test.cc.
Testing
We use the test vectors provided here:
https://github.com/C2SP/C2SP/blob/main/XAES-256-GCM.md
https://github.com/C2SP/C2SP/blob/main/XAES-256-GCM/openssl/openssl.c
https://github.com/C2SP/C2SP/blob/main/XAES-256-GCM/go/XAES-256-GCM_test.go
By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license and the ISC license.