crypto: add sanity checking of plaintext/ciphertext length

When encrypting/decrypting data, the plaintext/ciphertext buffers are required to be a multiple of the cipher block size. If this is not done, nettle will abort and gcrypt will report an error. To get consistent behaviour add explicit checks upfront for the buffer sizes. Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2025-08-07 09:43:56 -06:00 · 2015-10-16 16:35:06 +01:00 · 2015-10-16 16:35:06 +01:00 · 3a661f1eab
commit 3a661f1eab
parent eb2a770b17
4 changed files with 130 additions and 24 deletions
--- a/tests/test-crypto-cipher.c
+++ b/tests/test-crypto-cipher.c
@ -313,6 +313,53 @@ static void test_cipher_null_iv(void)
    qcrypto_cipher_free(cipher);
 }

+static void test_cipher_short_plaintext(void)
+{
+    Error *err = NULL;
+    QCryptoCipher *cipher;
+    uint8_t key[32] = { 0 };
+    uint8_t plaintext1[20] = { 0 };
+    uint8_t ciphertext1[20] = { 0 };
+    uint8_t plaintext2[40] = { 0 };
+    uint8_t ciphertext2[40] = { 0 };
+    int ret;
+
+    cipher = qcrypto_cipher_new(
+        QCRYPTO_CIPHER_ALG_AES_256,
+        QCRYPTO_CIPHER_MODE_CBC,
+        key, sizeof(key),
+        &error_abort);
+    g_assert(cipher != NULL);
+
+    /* Should report an error as plaintext is shorter
+     * than block size
+     */
+    ret = qcrypto_cipher_encrypt(cipher,
+                                 plaintext1,
+                                 ciphertext1,
+                                 sizeof(plaintext1),
+                                 &err);
+    g_assert(ret == -1);
+    g_assert(err != NULL);
+
+    error_free(err);
+    err = NULL;
+
+    /* Should report an error as plaintext is larger than
+     * block size, but not a multiple of block size
+     */
+    ret = qcrypto_cipher_encrypt(cipher,
+                                 plaintext2,
+                                 ciphertext2,
+                                 sizeof(plaintext2),
+                                 &err);
+    g_assert(ret == -1);
+    g_assert(err != NULL);
+
+    error_free(err);
+    qcrypto_cipher_free(cipher);
+}
+
 int main(int argc, char **argv)
 {
    size_t i;
@ -328,5 +375,8 @@ int main(int argc, char **argv)
    g_test_add_func("/crypto/cipher/null-iv",
                    test_cipher_null_iv);

+    g_test_add_func("/crypto/cipher/short-plaintext",
+                    test_cipher_short_plaintext);
+
    return g_test_run();
 }