Test cases for the transport phase of Noise sessions

2025-01-18 04:33:12 -08:00 · 2018-06-18 05:24:27 +10:00
parent e04733b8a5
commit 5db9e834f2
7 changed files with 42 additions and 62 deletions
--- a/libraries/NoiseProtocol/src/NoiseCipherState_AESGCM.cpp
+++ b/libraries/NoiseProtocol/src/NoiseCipherState_AESGCM.cpp
@@ -77,11 +77,11 @@ int NoiseCipherState_AESGCM::decryptPacket
        return -1;
    uint8_t iv[12];
    noiseAESGCMFormatIV(iv, n);
-    cipher.setIV((const uint8_t *)&iv, sizeof(iv));
-    cipher.decrypt((uint8_t *)output, (const uint8_t *)input, outputSize);
-    if (cipher.checkTag(((const uint8_t *)input) + outputSize, 16)) {
+    cipher.setIV(iv, sizeof(iv));
+    cipher.decrypt((uint8_t *)output, (const uint8_t *)input, inputSize - 16);
+    if (cipher.checkTag(((const uint8_t *)input) + inputSize - 16, 16)) {
        ++n;
-        return outputSize;
+        return inputSize - 16;
    }
    memset(output, 0, outputSize); // Destroy the output if the tag is invalid.
    return -1;
--- a/libraries/NoiseProtocol/src/NoiseCipherState_ChaChaPoly.cpp
+++ b/libraries/NoiseProtocol/src/NoiseCipherState_ChaChaPoly.cpp
@@ -73,12 +73,11 @@ int NoiseCipherState_ChaChaPoly::decryptPacket
    if (inputSize < 16 || outputSize < (inputSize - 16))
        return -1;
    uint64_t iv = htole64(n);
-    outputSize = inputSize - 16;
    cipher.setIV((const uint8_t *)&iv, sizeof(iv));
-    cipher.decrypt((uint8_t *)output, (const uint8_t *)input, outputSize);
-    if (cipher.checkTag(((const uint8_t *)input) + outputSize, 16)) {
+    cipher.decrypt((uint8_t *)output, (const uint8_t *)input, inputSize - 16);
+    if (cipher.checkTag(((const uint8_t *)input) + inputSize - 16, 16)) {
        ++n;
-        return outputSize;
+        return inputSize - 16;
    }
    memset(output, 0, outputSize); // Destroy the output if the tag is invalid.
    return -1;
--- a/libraries/NoiseProtocol/src/NoiseHandshakeState.cpp
+++ b/libraries/NoiseProtocol/src/NoiseHandshakeState.cpp
@@ -353,7 +353,7 @@ int NoiseHandshakeState::read
 * \return Returns true if the cipher objects were split out, or false if
 * state() is not NoiseHandshakeState::Split.
 *
- * If \a tx or \a rx are NULL, the the respective cipher object will not
+ * If \a tx or \a rx are NULL, then the respective cipher object will not
 * be created.  This is useful for one-way patterns.
 *
 * The application is responsible for destroying the \a tx and \a rx
--- a/libraries/NoiseProtocol/src/NoiseSymmetricState_AESGCM_SHA256.cpp
+++ b/libraries/NoiseProtocol/src/NoiseSymmetricState_AESGCM_SHA256.cpp
@@ -174,16 +174,15 @@ int NoiseSymmetricState_AESGCM_SHA256::decryptAndHash
    if (st.hasKey) {
        if (inputSize < 16 || outputSize < (inputSize - 16))
            return -1;
-        outputSize = inputSize - 16;
        uint8_t iv[12];
        noiseAESGCMFormatIV(iv, st.n);
        cipher.setIV(iv, sizeof(iv));
        cipher.addAuthData(st.h, sizeof(st.h));
        mixHash(input, inputSize);
-        cipher.decrypt(output, input, outputSize);
-        if (cipher.checkTag(input + outputSize, 16)) {
+        cipher.decrypt(output, input, inputSize -16);
+        if (cipher.checkTag(input + inputSize - 16, 16)) {
            ++st.n;
-            return outputSize;
+            return inputSize -16;
        }
        memset(output, 0, outputSize); // Destroy output if tag is incorrect.
        return -1;
--- a/libraries/NoiseProtocol/src/NoiseSymmetricState_ChaChaPoly_BLAKE2s.cpp
+++ b/libraries/NoiseProtocol/src/NoiseSymmetricState_ChaChaPoly_BLAKE2s.cpp
@@ -148,17 +148,16 @@ int NoiseSymmetricState_ChaChaPoly_BLAKE2s::decryptAndHash
    if (st.hasKey) {
        if (inputSize < 16 || outputSize < (inputSize - 16))
            return -1;
-        outputSize = inputSize - 16;
        ChaChaPoly cipher;
        uint64_t iv = htole64(st.n);
        cipher.setKey(st.key, 32);
        cipher.setIV((const uint8_t *)&iv, sizeof(iv));
        cipher.addAuthData(st.h, sizeof(st.h));
        mixHash(input, inputSize);
-        cipher.decrypt(output, input, outputSize);
-        if (cipher.checkTag(input + outputSize, 16)) {
+        cipher.decrypt(output, input, inputSize - 16);
+        if (cipher.checkTag(input + inputSize - 16, 16)) {
            ++st.n;
-            return outputSize;
+            return inputSize - 16;
        }
        memset(output, 0, outputSize); // Destroy output if tag is incorrect.
        return -1;
--- a/libraries/NoiseProtocol/src/NoiseSymmetricState_ChaChaPoly_SHA256.cpp
+++ b/libraries/NoiseProtocol/src/NoiseSymmetricState_ChaChaPoly_SHA256.cpp
@@ -148,17 +148,16 @@ int NoiseSymmetricState_ChaChaPoly_SHA256::decryptAndHash
    if (st.hasKey) {
        if (inputSize < 16 || outputSize < (inputSize - 16))
            return -1;
-        outputSize = inputSize - 16;
        ChaChaPoly cipher;
        uint64_t iv = htole64(st.n);
        cipher.setKey(st.key, 32);
        cipher.setIV((const uint8_t *)&iv, sizeof(iv));
        cipher.addAuthData(st.h, sizeof(st.h));
        mixHash(input, inputSize);
-        cipher.decrypt(output, input, outputSize);
-        if (cipher.checkTag(input + outputSize, 16)) {
+        cipher.decrypt(output, input, inputSize - 16);
+        if (cipher.checkTag(input + inputSize - 16, 16)) {
            ++st.n;
-            return outputSize;
+            return inputSize - 16;
        }
        memset(output, 0, outputSize); // Destroy output if tag is incorrect.
        return -1;