authorjuerg <juerg@google.com>2022-05-09 11:03:04 -0700
committerCopybara-Service <copybara-worker@google.com>2022-05-09 11:04:07 -0700
commit45cf285ac4548c1aff35cd1a605e5810f7a346aa (patch)
treea6582eebbf0a7467c6161c0e04562b493aea8dcb /cc/aead
parent9205e1c84ef691b9fa9af2726158b788446efaa0 (diff)
Rename additional data to associated data in ssl_aead.
PiperOrigin-RevId: 447514830
Diffstat (limited to 'cc/aead')
-rw-r--r--cc/aead/internal/ssl_aead.cc22
-rw-r--r--cc/aead/internal/ssl_aead_test.cc149
2 files changed, 88 insertions, 83 deletions
diff --git a/cc/aead/internal/ssl_aead.cc b/cc/aead/internal/ssl_aead.cc
index 39ab71673..4b62a8a10 100644
--- a/cc/aead/internal/ssl_aead.cc
+++ b/cc/aead/internal/ssl_aead.cc
@@ -117,7 +117,7 @@ class OpenSslOneShotAeadImpl : public SslOneShotAead {
absl::string_view iv,
absl::Span<char> out) const override {
absl::string_view plaintext_data = internal::EnsureStringNonNull(plaintext);
- absl::string_view aad = internal::EnsureStringNonNull(associated_data);
+ absl::string_view ad = internal::EnsureStringNonNull(associated_data);
const int64_t min_out_buff_size = CiphertextSize(plaintext.size());
if (out.size() < min_out_buff_size) {
@@ -156,13 +156,13 @@ class OpenSslOneShotAeadImpl : public SslOneShotAead {
return res;
}
- // Set the additional auth. data.
+ // Set the associated data.
int len = 0;
if (EVP_EncryptUpdate(context.get(), /*out=*/nullptr, &len,
- reinterpret_cast<const uint8_t *>(aad.data()),
- aad.size()) <= 0) {
+ reinterpret_cast<const uint8_t *>(ad.data()),
+ ad.size()) <= 0) {
return util::Status(absl::StatusCode::kInternal,
- "Failed to set the additional authenticated data");
+ "Failed to set associated data");
}
util::StatusOr<int64_t> raw_ciphertext_bytes =
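Review bot: `ad.size()` is a `size_t` passed where `EVP_EncryptUpdate` takes an `int` length, so associated data longer than `INT_MAX` would be narrowed silently; the same holds for the `EVP_DecryptUpdate` call in the hunk at -228. If the narrowed value stays positive, the tag could end up covering less data than the caller supplied. Nothing visible in this hunk bounds the size, so unless a check exists outside it I would reject oversized input before the call, e.g. `if (ad.size() > std::numeric_limits<int>::max()) return util::Status(absl::StatusCode::kInvalidArgument, "Associated data too long");`. The enclosing Encrypt body starts and ends outside the hunk.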
@@ -188,7 +188,7 @@ class OpenSslOneShotAeadImpl : public SslOneShotAead {
absl::string_view associated_data,
absl::string_view iv,
absl::Span<char> out) const override {
- absl::string_view aad = internal::EnsureStringNonNull(associated_data);
+ absl::string_view ad = internal::EnsureStringNonNull(associated_data);
if (ciphertext.size() < tag_size_) {
return util::Status(
@@ -228,12 +228,12 @@ class OpenSslOneShotAeadImpl : public SslOneShotAead {
}
int len = 0;
- // Add additional auth. data.
+ // Add the associated data.
if (EVP_DecryptUpdate(context.get(), /*out=*/nullptr, &len,
- reinterpret_cast<const uint8_t *>(aad.data()),
- aad.size()) <= 0) {
+ reinterpret_cast<const uint8_t *>(ad.data()),
+ ad.size()) <= 0) {
return util::Status(absl::StatusCode::kInternal,
- "Failed to set the additional authenticated data");
+ "Failed to set associated_data");
}
const int64_t raw_ciphertext_size = ciphertext.size() - tag_size_;
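Review bot: The new decrypt-side message `"Failed to set associated_data"` uses an underscore, while the encrypt-side message introduced in the same commit reads `"Failed to set associated data"`. Both describe the same failure, so anything that matches on the status text would need two patterns. I would use the same wording here: `"Failed to set associated data"`. The enclosing Decrypt body continues outside the hunk.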
@@ -301,7 +301,7 @@ class BoringSslOneShotAeadImpl : public SslOneShotAead {
absl::string_view associated_data,
absl::string_view iv,
absl::Span<char> out) const override {
- // BoringSSL expects a non-null pointer for additional_data,
+ // BoringSSL expects a non-null pointer for associated_data,
// regardless of whether the size is 0.
plaintext = internal::EnsureStringNonNull(plaintext);
associated_data = internal::EnsureStringNonNull(associated_data);
diff --git a/cc/aead/internal/ssl_aead_test.cc b/cc/aead/internal/ssl_aead_test.cc
index 6b2eab845..b27be5748 100644
--- a/cc/aead/internal/ssl_aead_test.cc
+++ b/cc/aead/internal/ssl_aead_test.cc
@@ -28,7 +28,6 @@
#include "gmock/gmock.h"
#include "gtest/gtest.h"
#include "absl/container/flat_hash_set.h"
-#include "absl/memory/memory.h"
#include "absl/status/status.h"
#include "absl/strings/escaping.h"
#include "absl/strings/str_cat.h"
@@ -51,14 +50,13 @@ using ::crypto::tink::test::IsOk;
using ::crypto::tink::test::StatusIs;
using ::testing::AllOf;
using ::testing::Eq;
-using ::testing::IsEmpty;
using ::testing::Not;
using ::testing::TestParamInfo;
using ::testing::TestWithParam;
using ::testing::ValuesIn;
constexpr absl::string_view kMessage = "Some data to encrypt.";
-constexpr absl::string_view kAad = "Some data to authenticate.";
+constexpr absl::string_view kAssociatedData = "Some associated data.";
// 128 bits key.
constexpr absl::string_view k128Key = "000102030405060708090a0b0c0d0e0f";
// 256 bits key.
@@ -119,27 +117,27 @@ TEST_P(SslOneShotAeadTest, CiphertextPlaintextSize) {
EXPECT_EQ((*aead)->PlaintextSize(0), 0);
}
-// Tests that encryption of `message` with `aad`, and `iv` succeeds; writes
-// the result in `ciphertext_buffer`.
+// Tests that encryption of `message` with `associated_data`, and `iv` succeeds;
+// writes the result in `ciphertext_buffer`.
void DoTestEncrypt(SslOneShotAead* aead, absl::string_view message,
- absl::string_view aad, size_t tag_size, absl::string_view iv,
- absl::Span<char> ciphertext_buffer) {
+ absl::string_view associated_data, size_t tag_size,
+ absl::string_view iv, absl::Span<char> ciphertext_buffer) {
ASSERT_GE(ciphertext_buffer.size(), message.size() + tag_size);
- util::StatusOr<int64_t> res =
- aead->Encrypt(message, aad, iv, absl::MakeSpan(ciphertext_buffer));
+ util::StatusOr<int64_t> res = aead->Encrypt(
+ message, associated_data, iv, absl::MakeSpan(ciphertext_buffer));
ASSERT_THAT(res.status(), IsOk());
EXPECT_EQ(*res, message.size() + tag_size);
}
-// Tests that decryption of `ciphertext_buffer` with `aad` and `iv` succeeds
-// and equals `message`.
+// Tests that decryption of `ciphertext_buffer` with `associated_data` and `iv`
+// succeeds and equals `message`.
void DoTestDecrypt(SslOneShotAead* aead, absl::string_view message,
- absl::string_view aad, absl::string_view iv,
+ absl::string_view associated_data, absl::string_view iv,
absl::string_view ciphertext_buffer) {
std::string plaintext_buff;
subtle::ResizeStringUninitialized(&plaintext_buff, message.size());
- util::StatusOr<int64_t> written_bytes =
- aead->Decrypt(ciphertext_buffer, aad, iv, absl::MakeSpan(plaintext_buff));
+ util::StatusOr<int64_t> written_bytes = aead->Decrypt(
+ ciphertext_buffer, associated_data, iv, absl::MakeSpan(plaintext_buff));
ASSERT_THAT(written_bytes.status(), IsOk());
EXPECT_EQ(*written_bytes, message.size());
EXPECT_EQ(plaintext_buff, message);
@@ -157,9 +155,9 @@ TEST_P(SslOneShotAeadTest, EncryptDecrypt) {
// Length of the message + tag.
subtle::ResizeStringUninitialized(&ciphertext_buffer,
(*aead)->CiphertextSize(kMessage.size()));
- DoTestEncrypt(aead->get(), kMessage, kAad, test_param.tag_size, iv,
+ DoTestEncrypt(aead->get(), kMessage, kAssociatedData, test_param.tag_size, iv,
absl::MakeSpan(ciphertext_buffer));
- DoTestDecrypt(aead->get(), kMessage, kAad, iv, ciphertext_buffer);
+ DoTestDecrypt(aead->get(), kMessage, kAssociatedData, iv, ciphertext_buffer);
}
// Calculates a new string with the `position`'s byte modified.
@@ -178,36 +176,38 @@ void DoTestEncryptDecryptWithModifiedCiphertext(SslOneShotAead* aead,
subtle::ResizeStringUninitialized(&ciphertext_buffer,
kMessage.size() + tag_size);
- util::StatusOr<int64_t> written_bytes =
- aead->Encrypt(kMessage, kAad, iv, absl::MakeSpan(ciphertext_buffer));
+ util::StatusOr<int64_t> written_bytes = aead->Encrypt(
+ kMessage, kAssociatedData, iv, absl::MakeSpan(ciphertext_buffer));
ASSERT_THAT(written_bytes.status(), IsOk());
EXPECT_EQ(*written_bytes, kMessage.size() + tag_size);
std::string plaintext_buffer;
subtle::ResizeStringUninitialized(&plaintext_buffer, kMessage.size());
- // Modify the ciphertext
+ // Modify the ciphertext.
for (size_t i = 0; i < ciphertext_buffer.size() * 8; i++) {
- EXPECT_THAT(aead->Decrypt(ModifyString(ciphertext_buffer, i), kAad, iv,
- absl::MakeSpan(plaintext_buffer))
- .status(),
- Not(IsOk()))
+ EXPECT_THAT(
+ aead->Decrypt(ModifyString(ciphertext_buffer, i), kAssociatedData, iv,
+ absl::MakeSpan(plaintext_buffer))
+ .status(),
+ Not(IsOk()))
<< i;
}
- // Modify the additional data
- for (size_t i = 0; i < kAad.size() * 8; i++) {
- EXPECT_THAT(aead->Decrypt(ciphertext_buffer, ModifyString(kAad, i), iv,
- absl::MakeSpan(plaintext_buffer))
- .status(),
- Not(IsOk()))
+ // Modify the associated data.
+ for (size_t i = 0; i < kAssociatedData.size() * 8; i++) {
+ EXPECT_THAT(
+ aead->Decrypt(ciphertext_buffer, ModifyString(kAssociatedData, i), iv,
+ absl::MakeSpan(plaintext_buffer))
+ .status(),
+ Not(IsOk()))
<< i;
}
- // Truncate the ciphertext
+ // Truncate the ciphertext.
for (size_t i = 0; i < ciphertext_buffer.size(); i++) {
std::string truncated_ct(ciphertext_buffer, 0, i);
- EXPECT_THAT(
- aead->Decrypt(truncated_ct, kAad, iv, absl::MakeSpan(plaintext_buffer))
- .status(),
- Not(IsOk()))
+ EXPECT_THAT(aead->Decrypt(truncated_ct, kAssociatedData, iv,
+ absl::MakeSpan(plaintext_buffer))
+ .status(),
+ Not(IsOk()))
<< i;
}
}
@@ -246,8 +246,8 @@ TEST_P(SslOneShotAeadTest, TestBufferClearsIfDecryptionFails) {
// Length of the message + tag.
subtle::ResizeStringUninitialized(&ciphertext_buffer, kCiphertextSize);
std::string iv = absl::HexStringToBytes(test_param.iv_hex);
- util::StatusOr<int64_t> written_bytes =
- (*aead)->Encrypt(kMessage, kAad, iv, absl::MakeSpan(ciphertext_buffer));
+ util::StatusOr<int64_t> written_bytes = (*aead)->Encrypt(
+ kMessage, kAssociatedData, iv, absl::MakeSpan(ciphertext_buffer));
ASSERT_THAT(written_bytes.status(), IsOk());
EXPECT_EQ(*written_bytes, kCiphertextSize);
@@ -259,7 +259,7 @@ TEST_P(SslOneShotAeadTest, TestBufferClearsIfDecryptionFails) {
i++) {
std::string modified_ciphertext = ModifyString(ciphertext_buffer, i);
EXPECT_THAT((*aead)
- ->Decrypt(modified_ciphertext, kAad, iv,
+ ->Decrypt(modified_ciphertext, kAssociatedData, iv,
absl::MakeSpan(plaintext_buffer))
.status(),
Not(IsOk()));
@@ -267,35 +267,38 @@ TEST_P(SslOneShotAeadTest, TestBufferClearsIfDecryptionFails) {
}
}
-void TestDecryptWithEmptyAad(SslOneShotAead* aead, absl::string_view ciphertext,
- absl::string_view iv) {
+void TestDecryptWithEmptyAssociatedData(SslOneShotAead* aead,
+ absl::string_view ciphertext,
+ absl::string_view iv) {
if (IsFipsModeEnabled()) {
GTEST_SKIP() << "Not supported in FIPS-only mode";
}
std::string plaintext_buffer;
subtle::ResizeStringUninitialized(&plaintext_buffer, kMessage.size());
- const absl::string_view empty_aad;
- std::vector<absl::string_view> values = {empty_aad, absl::string_view(), ""};
- for (auto& aad : values) {
- DoTestDecrypt(aead, kMessage, aad, iv, ciphertext);
+ const absl::string_view empty_associated_data;
+ std::vector<absl::string_view> values = {empty_associated_data,
+ absl::string_view(), ""};
+ for (auto& associated_data : values) {
+ DoTestDecrypt(aead, kMessage, associated_data, iv, ciphertext);
}
}
-void DoTestWithEmptyAad(SslOneShotAead* aead, absl::string_view iv,
- size_t tag_size) {
- const absl::string_view empty_aad;
- std::vector<absl::string_view> values = {empty_aad, absl::string_view(), ""};
- for (auto& aad : values) {
+void DoTestWithEmptyAssociatedData(SslOneShotAead* aead, absl::string_view iv,
+ size_t tag_size) {
+ const absl::string_view empty_associated_data;
+ std::vector<absl::string_view> values = {empty_associated_data,
+ absl::string_view(), ""};
+ for (auto& associated_data : values) {
std::string ciphertext_buffer;
subtle::ResizeStringUninitialized(&ciphertext_buffer,
kMessage.size() + tag_size);
- DoTestEncrypt(aead, kMessage, aad, tag_size, iv,
+ DoTestEncrypt(aead, kMessage, associated_data, tag_size, iv,
absl::MakeSpan(ciphertext_buffer));
- TestDecryptWithEmptyAad(aead, ciphertext_buffer, iv);
+ TestDecryptWithEmptyAssociatedData(aead, ciphertext_buffer, iv);
}
}
-TEST_P(SslOneShotAeadTest, EmptyAad) {
+TEST_P(SslOneShotAeadTest, EmptyAssociatedData) {
if (IsFipsModeEnabled()) {
GTEST_SKIP() << "Not supported in FIPS-only mode";
}
@@ -304,32 +307,33 @@ TEST_P(SslOneShotAeadTest, EmptyAad) {
test_param.cipher, util::SecretDataFromStringView(
absl::HexStringToBytes(test_param.key_hex)));
ASSERT_THAT(aead.status(), IsOk());
- DoTestWithEmptyAad(aead->get(), absl::HexStringToBytes(test_param.iv_hex),
- test_param.tag_size);
+ DoTestWithEmptyAssociatedData(aead->get(),
+ absl::HexStringToBytes(test_param.iv_hex),
+ test_param.tag_size);
}
-// string_views, with `iv` and `aad`.
-void DoTestEmptyMessageEncryptDecrypt(SslOneShotAead* aead,
- absl::string_view iv, size_t tag_size,
- absl::string_view aad = kAad) {
+// string_views, with `iv` and `associated_data`.
+void DoTestEmptyMessageEncryptDecrypt(
+ SslOneShotAead* aead, absl::string_view iv, size_t tag_size,
+ absl::string_view associated_data = kAssociatedData) {
std::string ciphertext_buffer;
subtle::ResizeStringUninitialized(&ciphertext_buffer, tag_size);
{ // Message is a null string_view.
const absl::string_view message;
- DoTestEncrypt(aead, message, aad, tag_size, iv,
+ DoTestEncrypt(aead, message, associated_data, tag_size, iv,
absl::MakeSpan(ciphertext_buffer));
- DoTestDecrypt(aead, "", aad, iv, ciphertext_buffer);
+ DoTestDecrypt(aead, "", associated_data, iv, ciphertext_buffer);
}
{ // Message is an empty string.
const std::string message = "";
- DoTestEncrypt(aead, message, aad, tag_size, iv,
+ DoTestEncrypt(aead, message, associated_data, tag_size, iv,
absl::MakeSpan(ciphertext_buffer));
- DoTestDecrypt(aead, "", aad, iv, ciphertext_buffer);
+ DoTestDecrypt(aead, "", associated_data, iv, ciphertext_buffer);
}
{ // Message is a default-constructed string_view.
- DoTestEncrypt(aead, absl::string_view(), aad, tag_size, iv,
+ DoTestEncrypt(aead, absl::string_view(), associated_data, tag_size, iv,
absl::MakeSpan(ciphertext_buffer));
- DoTestDecrypt(aead, "", aad, iv, ciphertext_buffer);
+ DoTestDecrypt(aead, "", associated_data, iv, ciphertext_buffer);
}
}
@@ -346,7 +350,7 @@ TEST_P(SslOneShotAeadTest, EmptyMessage) {
DoTestEmptyMessageEncryptDecrypt(aead->get(), iv, test_param.tag_size);
}
-TEST_P(SslOneShotAeadTest, EmptyMessageAndAad) {
+TEST_P(SslOneShotAeadTest, EmptyMessageAndAssociatedData) {
if (IsFipsModeEnabled()) {
GTEST_SKIP() << "Not supported in FIPS-only mode";
}
@@ -356,14 +360,14 @@ TEST_P(SslOneShotAeadTest, EmptyMessageAndAad) {
absl::HexStringToBytes(test_param.key_hex)));
ASSERT_THAT(aead.status(), IsOk());
std::string iv = absl::HexStringToBytes(test_param.iv_hex);
- const absl::string_view aad_default;
- const absl::string_view aad_empty = "";
+ const absl::string_view default_associated_data;
+ const absl::string_view empty_associated_data = "";
DoTestEmptyMessageEncryptDecrypt(aead->get(), iv, test_param.tag_size,
- aad_default);
+ default_associated_data);
DoTestEmptyMessageEncryptDecrypt(aead->get(), iv, test_param.tag_size,
- /*aad=*/absl::string_view());
+ /*associated_data=*/absl::string_view());
DoTestEmptyMessageEncryptDecrypt(aead->get(), iv, test_param.tag_size,
- aad_empty);
+ empty_associated_data);
}
TEST_P(SslOneShotAeadTest, BufferOverlapEncryptFails) {
@@ -381,7 +385,8 @@ TEST_P(SslOneShotAeadTest, BufferOverlapEncryptFails) {
(*aead)
->Encrypt(
absl::string_view(ciphertext_buffer).substr(0, kMessage.size()),
- kAad, test_param.iv_hex, absl::MakeSpan(ciphertext_buffer))
+ kAssociatedData, test_param.iv_hex,
+ absl::MakeSpan(ciphertext_buffer))
.status(),
StatusIs(absl::StatusCode::kInvalidArgument));
}
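Review bot: The reflowed call passes `test_param.iv_hex` directly as the IV, whereas the other tests in this file decode it with `absl::HexStringToBytes` first. The hex string is twice the length of the real IV, so the expected `kInvalidArgument` may come from an IV-size check rather than from the buffer-overlap check this test is named for. That is inferred, since the order of validation in Encrypt is not visible here. Decoding first would make the test pin the overlap rejection: `std::string iv = absl::HexStringToBytes(test_param.iv_hex);` and pass `iv` in the call. The test body begins outside the hunk.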
@@ -398,13 +403,13 @@ TEST_P(SslOneShotAeadTest, BufferOverlapDecryptFails) {
// Length of the message + tag.
subtle::ResizeStringUninitialized(&ciphertext_buffer,
(*aead)->CiphertextSize(kMessage.size()));
- DoTestEncrypt(aead->get(), kMessage, kAad, test_param.tag_size, iv,
+ DoTestEncrypt(aead->get(), kMessage, kAssociatedData, test_param.tag_size, iv,
absl::MakeSpan(ciphertext_buffer));
EXPECT_THAT(
(*aead)
->Decrypt(
- ciphertext_buffer, kAad, iv,
+ ciphertext_buffer, kAssociatedData, iv,
absl::MakeSpan(ciphertext_buffer).subspan(0, kMessage.size()))
.status(),
StatusIs(absl::StatusCode::kInvalidArgument));